my %disabled = ( # "what" => "comment"
"camellia" => "default",
+ "capieng" => "default",
+ "cms" => "default",
"gmp" => "default",
"mdc2" => "default",
"rc5" => "default",
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- store pqueue
+ store cms pqueue
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
rem build [target] [debug opts] [assembly opts] [configure opts]
rem
rem target - "netware-clib" - CLib NetWare build (WinSock Sockets)
-rem - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
-rem - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
+rem - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
+rem - "netware-libc" - LibC NetWare build (WinSock Sockets)
+rem - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
rem
rem debug opts - "debug" - build debug
rem
if "%1" == "nw-nasm" set ARG_PROCESSED=YES
if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
-if "%1" == "nw-mwasm" set NO_ASM=
+if "%1" == "nw-mwasm" set NO_ASM=
if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
if "%1" == "netware-clib" set BLD_TARGET=netware-clib
if "%1" == "netware-clib" set ARG_PROCESSED=YES
+if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
+if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
if "%1" == "netware-libc" set BLD_TARGET=netware-libc
if "%1" == "netware-libc" set ARG_PROCESSED=YES
if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
rem build the nlm make file name which includes target and debug info
set NLM_MAKE=
if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
+if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
echo Bignum
cd crypto\bn\asm
-perl x86.pl %ASM_MODE% > bn-nw.asm
+rem perl x86.pl %ASM_MODE% > bn-nw.asm
+perl bn-586.pl %ASM_MODE% > bn-nw.asm
+perl co-586.pl %ASM_MODE% > co-nw.asm
+cd ..\..\..
+
+echo AES
+cd crypto\aes\asm
+perl aes-586.pl %ASM_MODE% > a-nw.asm
cd ..\..\..
echo DES
perl rc5-586.pl %ASM_MODE% > r5-nw.asm
cd ..\..\..
+echo CPUID
+cd crypto
+perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
+cd ..\
+
rem ===============================================================
rem
:do_config
echo .
perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
+make -f %NLM_MAKE% vclean
+echo .
echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: gmake -f %NLM_MAKE%)
+echo build (ex: make -f %NLM_MAKE%)
goto end
rem ===============================================================
echo . usage: build [target] [debug opts] [assembly opts] [configure opts]
echo .
echo . target - "netware-clib" - CLib NetWare build (WinSock Sockets)
-echo . - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
-echo . - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
+echo . - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
+echo . - "netware-libc" - LibC NetWare build (WinSock Sockets)
+echo . - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
echo .
echo . debug opts - "debug" - build debug
echo .
copy %loc%\test\testx509.pem %2\openssl\test\
copy %loc%\test\v3-cert1.pem %2\openssl\test\
copy %loc%\test\v3-cert2.pem %2\openssl\test\
+copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
rem copy the apps directory stuff
copy %loc%\apps\client.pem %2\openssl\apps\
# delete all the output files in the output directory
unlink <$output_path\\*.*>;
- # open the main log file
+ # open the main log file
open(OUT, ">$log_file") || die "unable to open $log_file\n";
-
+ print( OUT "========================================================\n");
+ my $outFile = "$output_path\\version.out";
+ system("openssl2 version (CLIB_OPT)/>$outFile");
+ log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
+
algorithm_tests();
encryption_tests();
+ evp_tests();
pem_tests();
verify_tests();
ca_tests();
{
my $i;
my $outFile;
- my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
- md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
- dhtest, exptest );
+ my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
+ sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
+ rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
+ ecdsatest, ectest, exptest, casttest, hmactest );
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
foreach $i (@tests)
{
if (-e "$base_path\\$i.nlm")
- {
+ {
$outFile = "$output_path\\$i.out";
- system("$i > $outFile");
+ system("$i (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
- }
- else
- {
+ }
+ else
+ {
log_desc("Test: $i\.nlm: file not found");
- }
+ }
}
}
# do encryption
$outFile = "$output_path\\enc.out";
- system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
+ system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
log_output("Encrypting: $input --> $cipher", $outFile);
# do decryption
$outFile = "$output_path\\dec.out";
- system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
+ system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting: $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
- print( "SUCCESS - files match: $input, $clear\n");
+ print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
- print( "ERROR: files don't match\n");
+ print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
# do encryption B64
$outFile = "$output_path\\B64enc.out";
- system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
+ system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
# do decryption B64
$outFile = "$output_path\\B64dec.out";
- system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
+ system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
- print( "SUCCESS - files match: $input, $clear\n");
+ print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
- print( "ERROR: files don't match\n");
+ print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
if ($i ne "req" )
{
- system("openssl2 $i -in $input -out $tmp_out > $outFile");
+ system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
}
else
{
- system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
+ system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
}
$x = compare_files( $input, $tmp_out);
if ( $x == 0 )
{
- print( "SUCCESS - files match: $input, $tmp_out\n");
+ print( "\rSUCCESS - files match: $input, $tmp_out\n");
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
}
else
{
- print( "ERROR: files don't match\n");
+ print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
my $i;
my $outFile = "$output_path\\verify.out";
- my @cert_files = <$cert_path\\*.pem>;
+ $cert_path =~ s/\\/\//g;
+ my @cert_files = <$cert_path/*.pem>;
print( "\nRUNNING VERIFY TESTS:\n\n");
foreach $i (@cert_files)
{
- system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
+ system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
log_desc("Verifying cert: $i");
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
}
print( OUT "\n========================================================\n");
print( OUT "SSL TESTS:\n\n");
- system("ssltest -ssl2 >$outFile");
+ system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2:");
log_output("ssltest -ssl2", $outFile);
- system("$ssltest -ssl2 -server_auth >$outFile");
+ system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with server authentication:");
log_output("$ssltest -ssl2 -server_auth", $outFile);
- system("$ssltest -ssl2 -client_auth >$outFile");
+ system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with client authentication:");
log_output("$ssltest -ssl2 -client_auth", $outFile);
- system("$ssltest -ssl2 -server_auth -client_auth >$outFile");
+ system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with both client and server authentication:");
log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
- system("ssltest -ssl3 >$outFile");
+ system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3:");
log_output("ssltest -ssl3", $outFile);
- system("$ssltest -ssl3 -server_auth >$outFile");
+ system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication:");
log_output("$ssltest -ssl3 -server_auth", $outFile);
- system("$ssltest -ssl3 -client_auth >$outFile");
+ system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication:");
log_output("$ssltest -ssl3 -client_auth", $outFile);
- system("$ssltest -ssl3 -server_auth -client_auth >$outFile");
+ system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication:");
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
- system("ssltest >$outFile");
+ system("ssltest (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3:");
log_output("ssltest", $outFile);
- system("$ssltest -server_auth >$outFile");
+ system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication:");
log_output("$ssltest -server_auth", $outFile);
- system("$ssltest -client_auth >$outFile");
+ system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication:");
log_output("$ssltest -client_auth ", $outFile);
- system("$ssltest -server_auth -client_auth >$outFile");
+ system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
log_output("$ssltest -server_auth -client_auth", $outFile);
- system("ssltest -bio_pair -ssl2 >$outFile");
+ system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 via BIO pair:");
log_output("ssltest -bio_pair -ssl2", $outFile);
- system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
+ system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
- system("$ssltest -bio_pair -ssl2 -server_auth >$outFile");
+ system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
- system("$ssltest -bio_pair -ssl2 -client_auth >$outFile");
+ system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
- system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile");
+ system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
- system("ssltest -bio_pair -ssl3 >$outFile");
+ system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 via BIO pair:");
log_output("ssltest -bio_pair -ssl3", $outFile);
- system("$ssltest -bio_pair -ssl3 -server_auth >$outFile");
+ system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
- system("$ssltest -bio_pair -ssl3 -client_auth >$outFile");
+ system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
- system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile");
+ system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
- system("ssltest -bio_pair >$outFile");
+ system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 via BIO pair:");
log_output("ssltest -bio_pair", $outFile);
- system("$ssltest -bio_pair -server_auth >$outFile");
+ system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth", $outFile);
- system("$ssltest -bio_pair -client_auth >$outFile");
+ system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -client_auth", $outFile);
- system("$ssltest -bio_pair -server_auth -client_auth >$outFile");
+ system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
}
print( OUT "\n========================================================\n");
print( OUT "CA TESTS:\n");
- system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
+ system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
log_desc("Make a certificate request using req:");
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
- system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
+ system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
log_desc("Convert the certificate request into a self signed certificate using x509:");
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
- system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
+ system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
log_desc("Convert a certificate into a certificate request using 'x509':");
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
- system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
+ system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
- system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
+ system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
- system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
+ system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
- system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
+ system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
log_desc("Make another certificate request using req:");
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
- system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
+ system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
log_desc("Sign certificate request with the just created CA via x509:");
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
- system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
+ system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
- system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
+ system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
log_desc("Certificate details");
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
- print(OUT "-- \n");
+ print(OUT "--\n");
print(OUT "The generated CA certificate is $CAcert\n");
print(OUT "The generated CA private key is $CAkey\n");
print(OUT "The current CA signing serial number is in $CAserial\n");
print(OUT "--\n");
}
+############################################################################
+sub evp_tests
+{
+ my $i = 'evp_test';
+
+ print( "\nRUNNING EVP TESTS:\n\n");
+
+ print( OUT "\n========================================================\n");
+ print( OUT "EVP TESTS:\n\n");
+
+ if (-e "$base_path\\$i.nlm")
+ {
+ my $outFile = "$output_path\\$i.out";
+ system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
+ log_desc("Test: $i\.nlm:");
+ log_output("", $outFile );
+ }
+ else
+ {
+ log_desc("Test: $i\.nlm: file not found");
+ }
+}
+
############################################################################
sub log_output( $ $ )
{
if ($desc)
{
- print("$desc\n");
+ print("\r$desc\n");
print(OUT "$desc\n");
}
# copy test output to log file
open(IN, "<$file");
while (<IN>)
- {
- print(OUT $_);
+ {
+ print(OUT $_);
if ( $_ =~ /ERROR/ )
{
$error = 1;
$key = getc;
print("\n");
}
-
- # Several of the testing scripts run a loop loading the
+
+ # Several of the testing scripts run a loop loading the
# same NLM with different options.
- # On slow NetWare machines there appears to be some delay in the
+ # On slow NetWare machines there appears to be some delay in the
# OS actually unloading the test nlms and the OS complains about.
- # the NLM already being loaded. This additional pause is to
- # to help provide a little more time for unloading before trying to
+ # the NLM already being loaded. This additional pause is to
+ # to help provide a little more time for unloading before trying to
# load again.
sleep(1);
}
############################################################################
sub make_tmp_cert_file()
{
- my @cert_files = <$cert_path\\*.pem>;
+ my @cert_files = <$cert_path/*.pem>;
# delete the file if it already exists
unlink($tmp_cert);
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
print("building temporary cert file\n");
-
+
# create a temporary cert file that contains all the certs
foreach $i (@cert_files)
{
set LIBC_BUILD=
set CLIB_BUILD=
+set GNUC=
if "%1" == "netware-clib" set CLIB_BUILD=Y
if "%1" == "netware-clib" set LIBC_BUILD=
-if "%1" == "netware-libc" set LIBC_BUILD=Y
-if "%1" == "netware-libc" set CLIB_BUILD=
+if "%1" == "netware-libc" set LIBC_BUILD=Y
+if "%1" == "netware-libc" set CLIB_BUILD=
+
+if "%2" == "gnuc" set GNUC=Y
+if "%2" == "codewarrior" set GNUC=
rem Location of tools (compiler, linker, etc)
-set TOOLS=d:\i_drive\tools
+if "%NDKBASE%" == "" set NDKBASE=c:\Novell
rem If Perl for Win32 is not already in your path, add it here
set PERL_PATH=
rem Define path to the Metrowerks command line tools
+rem or GNU Crosscompiler gcc / nlmconv
rem ( compiler, assembler, linker)
-set METROWERKS_PATH=%TOOLS%\codewar\pdk_21\tools\command line tools
-rem set METROWERKS_PATH=%TOOLS%\codewar\PDK_40\Other Metrowerks Tools\Command Line Tools
+if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
+if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
rem If using gnu make define path to utility
-set GNU_MAKE_PATH=%TOOLS%\gnu
+rem set GNU_MAKE_PATH=%NDKBASE%\gnu
+set GNU_MAKE_PATH=c:\prg\tools
rem If using ms nmake define path to nmake
-set MS_NMAKE_PATH=%TOOLS%\msvc\600\bin
+rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
rem If using NASM assembler define path
-set NASM_PATH=%TOOLS%\nasm
+rem set NASM_PATH=%NDKBASE%\nasm
+set NASM_PATH=c:\prg\tools
rem Update path to include tool paths
-set path=%path%;%METROWERKS_PATH%
+set path=%path%;%COMPILER_PATH%
if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
if not "%NASM_PATH%" == "" set path=%path%;%NASM_PATH%
if not "%PERL_PATH%" == "" set path=%path%;%PERL_PATH%
-rem Set MWCIncludes to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\libc\include;%TOOLS%\ndk\libc\include\winsock;.\engines
-if "%CLIB_BUILD%" == "Y" set MWCIncludes=%TOOLS%\ndk\nwsdk\include\nlm;.\engines
-set include=
+rem Set INCLUDES to location of Novell NDK includes
+if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
+if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
rem Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%TOOLS%\ndk\nwsdk\imports
+if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
+if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
rem Set PRELUDE to the absolute path of the prelude object to link with in
rem the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is
rem recommended, for LibC NKS builds libcpre.o must be used
+if "%GNUC%" == "Y" goto gnuc
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
+rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
+echo using MetroWerks CodeWarrior
+goto info
+
+:gnuc
+if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
+rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
+if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
+echo using GNU GCC Compiler
+:info
+echo.
if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..."
if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..."
+
goto end
:usage
rem ===============================================================
-echo .
-echo . No target build specified!
-echo .
-echo . usage: set_env [target]
-echo .
-echo . target - "netware-clib" - Clib build
-echo . - "netware-libc" - LibC build
-echo .
-
-
+echo.
+echo No target build specified!
+echo.
+echo usage: set_env [target] [compiler]
+echo.
+echo target - "netware-clib" - Clib build
+echo - "netware-libc" - LibC build
+echo.
+echo compiler - "gnuc" - GNU GCC Compiler
+echo - "codewarrior" - MetroWerks CodeWarrior (default)
+echo.
:end
+echo.
+
E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
ca crl rsa rsautl dsa dsaparam ec ecparam \
x509 genrsa gendsa s_server s_client speed \
- s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+ s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
pkcs8 spkac smime rand engine ocsp prime
PROGS= $(PROGRAM).c
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
- ocsp.o prime.o
+ ocsp.o prime.o cms.o
E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
- ocsp.c prime.c
+ ocsp.c prime.c cms.c
SRC=$(E_SRC)
case 'y': /* yes */
case 'Y': /* YES */
case '1': /* 1 */
- ret = 0;
+ ret = 1;
break;
default:
ret = def;
p=(char *)str->data;
for (j=str->length; j>0; j--)
{
+#ifdef CHARSET_EBCDIC
+ if ((*p >= 0x20) && (*p <= 0x7e))
+ BIO_printf(bp,"%c",os_toebcdic[*p]);
+#else
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bp,"%c",*p);
+#endif
else if (*p & 0x80)
BIO_printf(bp,"\\0x%02X",*p);
else if ((unsigned char)*p == 0xf7)
BIO_printf(bp,"^?");
+#ifdef CHARSET_EBCDIC
+ else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
+#else
else BIO_printf(bp,"^%c",*p+'@');
+#endif
p++;
}
BIO_printf(bp,"'\n");
--- /dev/null
+/* apps/cms.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+
+#undef PROG
+#define PROG cms_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+ STACK *rr_from);
+
+#define SMIME_OP 0x10
+#define SMIME_IP 0x20
+#define SMIME_SIGNERS 0x40
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT (2 | SMIME_IP)
+#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY (4 | SMIME_IP)
+#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_DATAOUT (7 | SMIME_IP)
+#define SMIME_DATA_CREATE (8 | SMIME_OP)
+#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
+#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
+#define SMIME_UNCOMPRESS (11 | SMIME_IP)
+#define SMIME_COMPRESS (12 | SMIME_OP)
+#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
+#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ ENGINE *e = NULL;
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ const char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ STACK *sksigners = NULL, *skkeys = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+ char *certsoutfile = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ CMS_ContentInfo *cms = NULL, *rcms = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+ int badarg = 0;
+ int flags = CMS_DETACHED;
+ int rr_print = 0, rr_allorfirst = -1;
+ STACK *rr_to = NULL, *rr_from = NULL;
+ CMS_ReceiptRequest *rr = NULL;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ const EVP_MD *sign_md = NULL;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+ int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
+ unsigned char *secret_key = NULL, *secret_keyid = NULL;
+ size_t secret_keylen = 0, secret_keyidlen = 0;
+
+ ASN1_OBJECT *econtent_type = NULL;
+
+ X509_VERIFY_PARAM *vpm = NULL;
+
+ args = argv + 1;
+ ret = 1;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ {
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+ }
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ while (!badarg && *args && *args[0] == '-')
+ {
+ if (!strcmp (*args, "-encrypt"))
+ operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt"))
+ operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign"))
+ operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-sign_receipt"))
+ operation = SMIME_SIGN_RECEIPT;
+ else if (!strcmp (*args, "-resign"))
+ operation = SMIME_RESIGN;
+ else if (!strcmp (*args, "-verify"))
+ operation = SMIME_VERIFY;
+ else if (!strcmp(*args,"-verify_receipt"))
+ {
+ operation = SMIME_VERIFY_RECEIPT;
+ if (!args[1])
+ goto argerr;
+ args++;
+ rctfile = *args;
+ }
+ else if (!strcmp (*args, "-cmsout"))
+ operation = SMIME_CMSOUT;
+ else if (!strcmp (*args, "-data_out"))
+ operation = SMIME_DATAOUT;
+ else if (!strcmp (*args, "-data_create"))
+ operation = SMIME_DATA_CREATE;
+ else if (!strcmp (*args, "-digest_verify"))
+ operation = SMIME_DIGEST_VERIFY;
+ else if (!strcmp (*args, "-digest_create"))
+ operation = SMIME_DIGEST_CREATE;
+ else if (!strcmp (*args, "-compress"))
+ operation = SMIME_COMPRESS;
+ else if (!strcmp (*args, "-uncompress"))
+ operation = SMIME_UNCOMPRESS;
+ else if (!strcmp (*args, "-EncryptedData_decrypt"))
+ operation = SMIME_ENCRYPTED_DECRYPT;
+ else if (!strcmp (*args, "-EncryptedData_encrypt"))
+ operation = SMIME_ENCRYPTED_ENCRYPT;
+#ifndef OPENSSL_NO_DES
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp (*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args,"-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args,"-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args,"-aes256"))
+ cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args,"-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args,"-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args,"-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp (*args, "-text"))
+ flags |= CMS_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= CMS_NOINTERN;
+ else if (!strcmp (*args, "-noverify")
+ || !strcmp (*args, "-no_signer_cert_verify"))
+ flags |= CMS_NO_SIGNER_CERT_VERIFY;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= CMS_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= CMS_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~CMS_DETACHED;
+ else if (!strcmp (*args, "-nosmimecap"))
+ flags |= CMS_NOSMIMECAP;
+ else if (!strcmp (*args, "-binary"))
+ flags |= CMS_BINARY;
+ else if (!strcmp (*args, "-keyid"))
+ flags |= CMS_USE_KEYID;
+ else if (!strcmp (*args, "-nosigs"))
+ flags |= CMS_NOSIGS;
+ else if (!strcmp (*args, "-no_content_verify"))
+ flags |= CMS_NO_CONTENT_VERIFY;
+ else if (!strcmp (*args, "-no_attr_verify"))
+ flags |= CMS_NO_ATTR_VERIFY;
+ else if (!strcmp (*args, "-stream"))
+ {
+ args++;
+ continue;
+ }
+ else if (!strcmp (*args, "-indef"))
+ {
+ args++;
+ continue;
+ }
+ else if (!strcmp (*args, "-noindef"))
+ flags &= ~CMS_STREAM;
+ else if (!strcmp (*args, "-nooldmime"))
+ flags |= CMS_NOOLDMIMETYPE;
+ else if (!strcmp (*args, "-crlfeol"))
+ flags |= CMS_CRLFEOL;
+ else if (!strcmp (*args, "-receipt_request_print"))
+ rr_print = 1;
+ else if (!strcmp (*args, "-receipt_request_all"))
+ rr_allorfirst = 0;
+ else if (!strcmp (*args, "-receipt_request_first"))
+ rr_allorfirst = 1;
+ else if (!strcmp(*args,"-receipt_request_from"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_from)
+ rr_from = sk_new_null();
+ sk_push(rr_from, *args);
+ }
+ else if (!strcmp(*args,"-receipt_request_to"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_to)
+ rr_to = sk_new_null();
+ sk_push(rr_to, *args);
+ }
+ else if (!strcmp(*args,"-secretkey"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_key = string_to_hex(*args, <mp);
+ if (!secret_key)
+ {
+ BIO_printf(bio_err, "Invalid key %s\n", *args);
+ goto argerr;
+ }
+ secret_keylen = (size_t)ltmp;
+ }
+ else if (!strcmp(*args,"-secretkeyid"))
+ {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_keyid = string_to_hex(*args, <mp);
+ if (!secret_keyid)
+ {
+ BIO_printf(bio_err, "Invalid id %s\n", *args);
+ goto argerr;
+ }
+ secret_keyidlen = (size_t)ltmp;
+ }
+ else if (!strcmp(*args,"-econtent_type"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ econtent_type = OBJ_txt2obj(*args, 0);
+ if (!econtent_type)
+ {
+ BIO_printf(bio_err, "Invalid OID %s\n", *args);
+ goto argerr;
+ }
+ }
+ else if (!strcmp(*args,"-rand"))
+ {
+ if (!args[1])
+ goto argerr;
+ args++;
+ inrand = *args;
+ need_rand = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (!strcmp(*args,"-engine"))
+ {
+ if (!args[1])
+ goto argerr;
+ engine = *++args;
+ }
+#endif
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (!args[1])
+ goto argerr;
+ passargin = *++args;
+ }
+ else if (!strcmp (*args, "-to"))
+ {
+ if (!args[1])
+ goto argerr;
+ to = *++args;
+ }
+ else if (!strcmp (*args, "-from"))
+ {
+ if (!args[1])
+ goto argerr;
+ from = *++args;
+ }
+ else if (!strcmp (*args, "-subject"))
+ {
+ if (!args[1])
+ goto argerr;
+ subject = *++args;
+ }
+ else if (!strcmp (*args, "-signer"))
+ {
+ if (!args[1])
+ goto argerr;
+ /* If previous -signer argument add signer to list */
+
+ if (signerfile)
+ {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!keyfile)
+ keyfile = signerfile;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ keyfile = NULL;
+ }
+ signerfile = *++args;
+ }
+ else if (!strcmp (*args, "-recip"))
+ {
+ if (!args[1])
+ goto argerr;
+ recipfile = *++args;
+ }
+ else if (!strcmp (*args, "-certsout"))
+ {
+ if (!args[1])
+ goto argerr;
+ certsoutfile = *++args;
+ }
+ else if (!strcmp (*args, "-md"))
+ {
+ if (!args[1])
+ goto argerr;
+ sign_md = EVP_get_digestbyname(*++args);
+ if (sign_md == NULL)
+ {
+ BIO_printf(bio_err, "Unknown digest %s\n",
+ *args);
+ goto argerr;
+ }
+ }
+ else if (!strcmp (*args, "-inkey"))
+ {
+ if (!args[1])
+ goto argerr;
+ /* If previous -inkey arument add signer to list */
+ if (keyfile)
+ {
+ if (!signerfile)
+ {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ signerfile = NULL;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ }
+ keyfile = *++args;
+ }
+ else if (!strcmp (*args, "-keyform"))
+ {
+ if (!args[1])
+ goto argerr;
+ keyform = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-rctform"))
+ {
+ if (!args[1])
+ goto argerr;
+ rctformat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-certfile"))
+ {
+ if (!args[1])
+ goto argerr;
+ certfile = *++args;
+ }
+ else if (!strcmp (*args, "-CAfile"))
+ {
+ if (!args[1])
+ goto argerr;
+ CAfile = *++args;
+ }
+ else if (!strcmp (*args, "-CApath"))
+ {
+ if (!args[1])
+ goto argerr;
+ CApath = *++args;
+ }
+ else if (!strcmp (*args, "-in"))
+ {
+ if (!args[1])
+ goto argerr;
+ infile = *++args;
+ }
+ else if (!strcmp (*args, "-inform"))
+ {
+ if (!args[1])
+ goto argerr;
+ informat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-outform"))
+ {
+ if (!args[1])
+ goto argerr;
+ outformat = str2fmt(*++args);
+ }
+ else if (!strcmp (*args, "-out"))
+ {
+ if (!args[1])
+ goto argerr;
+ outfile = *++args;
+ }
+ else if (!strcmp (*args, "-content"))
+ {
+ if (!args[1])
+ goto argerr;
+ contfile = *++args;
+ }
+ else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ continue;
+ else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
+ badarg = 1;
+ args++;
+ }
+
+ if (((rr_allorfirst != -1) || rr_from) && !rr_to)
+ {
+ BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+ goto argerr;
+ }
+
+ if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
+ {
+ BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+ goto argerr;
+ }
+ if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+ {
+ BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+ goto argerr;
+ }
+
+ if (operation & SMIME_SIGNERS)
+ {
+ if (keyfile && !signerfile)
+ {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ /* Check to see if any final signer needs to be appended */
+ if (signerfile)
+ {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!skkeys)
+ skkeys = sk_new_null();
+ if (!keyfile)
+ keyfile = signerfile;
+ sk_push(skkeys, keyfile);
+ }
+ if (!sksigners)
+ {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ signerfile = NULL;
+ keyfile = NULL;
+ need_rand = 1;
+ }
+
+ else if (operation == SMIME_DECRYPT)
+ {
+ if (!recipfile && !keyfile && !secret_key)
+ {
+ BIO_printf(bio_err, "No recipient certificate or key specified\n");
+ badarg = 1;
+ }
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ if (!*args && !secret_key)
+ {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ }
+ else if (!operation)
+ badarg = 1;
+
+ if (badarg)
+ {
+ argerr:
+ BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-cmsout output CMS structure\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf (bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf (bio_err, "-nodetach use opaque signing\n");
+ BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf (bio_err, "-binary don't translate message to text\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-certsout file certificate output file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf (bio_err, "-skeyid use subject key identifier\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand)
+ {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (!(operation & SMIME_SIGNERS))
+ flags &= ~CMS_DETACHED;
+
+ if (operation & SMIME_OP)
+ {
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ }
+ else
+ {
+ if (flags & CMS_BINARY)
+ outmode = "wb";
+ }
+
+ if (operation & SMIME_IP)
+ {
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ }
+ else
+ {
+ if (flags & CMS_BINARY)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT)
+ {
+ if (!cipher)
+ {
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+
+ if (secret_key && !secret_keyid)
+ {
+ BIO_printf(bio_err, "No sectre key id\n");
+ goto end;
+ }
+
+ if (*args)
+ encerts = sk_X509_new_null();
+ while (*args)
+ {
+ if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+ NULL, e, "recipient certificate file")))
+ goto end;
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if (certfile)
+ {
+ if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+ e, "certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (recipfile && (operation == SMIME_DECRYPT))
+ {
+ if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+ e, "recipient certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_SIGN_RECEIPT)
+ {
+ if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
+ e, "receipt signer certificate file")))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_DECRYPT)
+ {
+ if (!keyfile)
+ keyfile = recipfile;
+ }
+ else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
+ {
+ if (!keyfile)
+ keyfile = signerfile;
+ }
+ else keyfile = NULL;
+
+ if (keyfile)
+ {
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ }
+
+ if (infile)
+ {
+ if (!(in = BIO_new_file(infile, inmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ }
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (operation & SMIME_IP)
+ {
+ if (informat == FORMAT_SMIME)
+ cms = SMIME_read_CMS(in, &indata);
+ else if (informat == FORMAT_PEM)
+ cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ cms = d2i_CMS_bio(in, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for CMS file\n");
+ goto end;
+ }
+
+ if (!cms)
+ {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+ if (contfile)
+ {
+ BIO_free(indata);
+ if (!(indata = BIO_new_file(contfile, "rb")))
+ {
+ BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+ goto end;
+ }
+ }
+ if (certsoutfile)
+ {
+ STACK_OF(X509) *allcerts;
+ allcerts = CMS_get1_certs(cms);
+ if (!save_certs(certsoutfile, allcerts))
+ {
+ BIO_printf(bio_err,
+ "Error writing certs to %s\n",
+ certsoutfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_pop_free(allcerts, X509_free);
+ }
+ }
+
+ if (rctfile)
+ {
+ char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+ if (!(rctin = BIO_new_file(rctfile, rctmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open receipt file %s\n", rctfile);
+ goto end;
+ }
+
+ if (rctformat == FORMAT_SMIME)
+ rcms = SMIME_read_CMS(rctin, NULL);
+ else if (rctformat == FORMAT_PEM)
+ rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+ else if (rctformat == FORMAT_ASN1)
+ rcms = d2i_CMS_bio(rctin, NULL);
+ else
+ {
+ BIO_printf(bio_err, "Bad input format for receipt\n");
+ goto end;
+ }
+
+ if (!rcms)
+ {
+ BIO_printf(bio_err, "Error reading receipt\n");
+ goto end;
+ }
+ }
+
+ if (outfile)
+ {
+ if (!(out = BIO_new_file(outfile, outmode)))
+ {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ }
+ else
+ {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
+ {
+ if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ goto end;
+ X509_STORE_set_verify_cb_func(store, cms_cb);
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
+ }
+
+
+ ret = 3;
+
+ if (operation == SMIME_DATA_CREATE)
+ {
+ cms = CMS_data_create(in, flags);
+ }
+ else if (operation == SMIME_DIGEST_CREATE)
+ {
+ cms = CMS_digest_create(in, sign_md, flags);
+ }
+ else if (operation == SMIME_COMPRESS)
+ {
+ cms = CMS_compress(in, -1, flags);
+ }
+ else if (operation == SMIME_ENCRYPT)
+ {
+ flags |= CMS_PARTIAL;
+ cms = CMS_encrypt(encerts, in, cipher, flags);
+ if (!cms)
+ goto end;
+ if (secret_key)
+ {
+ if (!CMS_add0_recipient_key(cms, NID_undef,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen,
+ NULL, NULL, NULL))
+ goto end;
+ /* NULL these because call absorbs them */
+ secret_key = NULL;
+ secret_keyid = NULL;
+ }
+ if (!(flags & CMS_STREAM))
+ {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+ else if (operation == SMIME_ENCRYPTED_ENCRYPT)
+ {
+ cms = CMS_EncryptedData_encrypt(in, cipher,
+ secret_key, secret_keylen,
+ flags);
+
+ }
+ else if (operation == SMIME_SIGN_RECEIPT)
+ {
+ CMS_ContentInfo *srcms = NULL;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ sis = CMS_get0_SignerInfos(cms);
+ if (!sis)
+ goto end;
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ srcms = CMS_sign_receipt(si, signer, key, other, flags);
+ if (!srcms)
+ goto end;
+ CMS_ContentInfo_free(cms);
+ cms = srcms;
+ }
+ else if (operation & SMIME_SIGNERS)
+ {
+ int i;
+ /* If detached data content we enable streaming if
+ * S/MIME output format.
+ */
+ if (operation == SMIME_SIGN)
+ {
+
+ if (flags & CMS_DETACHED)
+ {
+ if (outformat == FORMAT_SMIME)
+ flags |= CMS_STREAM;
+ }
+ flags |= CMS_PARTIAL;
+ cms = CMS_sign(NULL, NULL, other, in, flags);
+ if (!cms)
+ goto end;
+ if (econtent_type)
+ CMS_set1_eContentType(cms, econtent_type);
+
+ if (rr_to)
+ {
+ rr = make_receipt_request(rr_to, rr_allorfirst,
+ rr_from);
+ if (!rr)
+ {
+ BIO_puts(bio_err,
+ "Signed Receipt Request Creation Error\n");
+ goto end;
+ }
+ }
+ }
+ else
+ flags |= CMS_REUSE_DIGEST;
+ for (i = 0; i < sk_num(sksigners); i++)
+ {
+ CMS_SignerInfo *si;
+ signerfile = sk_value(sksigners, i);
+ keyfile = sk_value(skkeys, i);
+ signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
+ e, "signer certificate");
+ if (!signer)
+ goto end;
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ si = CMS_add1_signer(cms, signer, key, sign_md, flags);
+ if (!si)
+ goto end;
+ if (rr && !CMS_add1_ReceiptRequest(si, rr))
+ goto end;
+ X509_free(signer);
+ signer = NULL;
+ EVP_PKEY_free(key);
+ key = NULL;
+ }
+ /* If not streaming or resigning finalize structure */
+ if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
+ {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+
+ if (!cms)
+ {
+ BIO_printf(bio_err, "Error creating CMS structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if (operation == SMIME_DECRYPT)
+ {
+
+ if (secret_key)
+ {
+ if (!CMS_decrypt_set1_key(cms,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen))
+ {
+ BIO_puts(bio_err,
+ "Error decrypting CMS using secret key\n");
+ goto end;
+ }
+ }
+
+ if (key)
+ {
+ if (!CMS_decrypt_set1_pkey(cms, key, recip))
+ {
+ BIO_puts(bio_err,
+ "Error decrypting CMS using private key\n");
+ goto end;
+ }
+ }
+
+ if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
+ {
+ BIO_printf(bio_err, "Error decrypting CMS structure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_DATAOUT)
+ {
+ if (!CMS_data(cms, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_UNCOMPRESS)
+ {
+ if (!CMS_uncompress(cms, indata, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_DIGEST_VERIFY)
+ {
+ if (CMS_digest_verify(cms, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ }
+ else if (operation == SMIME_ENCRYPTED_DECRYPT)
+ {
+ if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+ indata, out, flags))
+ goto end;
+ }
+ else if (operation == SMIME_VERIFY)
+ {
+ if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ if (signerfile)
+ {
+ STACK_OF(X509) *signers;
+ signers = CMS_get0_signers(cms);
+ if (!save_certs(signerfile, signers))
+ {
+ BIO_printf(bio_err,
+ "Error writing signers to %s\n",
+ signerfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_free(signers);
+ }
+ if (rr_print)
+ receipt_request_print(bio_err, cms);
+
+ }
+ else if (operation == SMIME_VERIFY_RECEIPT)
+ {
+ if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else
+ {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ }
+ else
+ {
+ if (outformat == FORMAT_SMIME)
+ {
+ if (to)
+ BIO_printf(out, "To: %s\n", to);
+ if (from)
+ BIO_printf(out, "From: %s\n", from);
+ if (subject)
+ BIO_printf(out, "Subject: %s\n", subject);
+ if (operation == SMIME_RESIGN)
+ ret = SMIME_write_CMS(out, cms, indata, flags);
+ else
+ ret = SMIME_write_CMS(out, cms, in, flags);
+ }
+ else if (outformat == FORMAT_PEM)
+ ret = PEM_write_bio_CMS(out, cms);
+ else if (outformat == FORMAT_ASN1)
+ ret = i2d_CMS_bio(out,cms);
+ else
+ {
+ BIO_printf(bio_err, "Bad output format for CMS file\n");
+ goto end;
+ }
+ if (ret <= 0)
+ {
+ ret = 6;
+ goto end;
+ }
+ }
+ ret = 0;
+end:
+ if (ret)
+ ERR_print_errors(bio_err);
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ if (sksigners)
+ sk_free(sksigners);
+ if (skkeys)
+ sk_free(skkeys);
+ if (secret_key)
+ OPENSSL_free(secret_key);
+ if (secret_keyid)
+ OPENSSL_free(secret_keyid);
+ if (econtent_type)
+ ASN1_OBJECT_free(econtent_type);
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ if (rr_to)
+ sk_free(rr_to);
+ if (rr_from)
+ sk_free(rr_from);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(rcms);
+ BIO_free(rctin);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free_all(out);
+ if (passin) OPENSSL_free(passin);
+ return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+ {
+ int i;
+ BIO *tmp;
+ if (!signerfile)
+ return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if (!tmp) return 0;
+ for(i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+ }
+
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+ {
+ int error;
+
+ error = X509_STORE_CTX_get_error(ctx);
+
+ if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+ && ((error != X509_V_OK) || (ok != 2)))
+ return ok;
+
+ policies_print(NULL, ctx);
+
+ return ok;
+
+ }
+
+static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+ {
+ STACK_OF(GENERAL_NAME) *gens;
+ GENERAL_NAME *gen;
+ int i, j;
+ for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
+ {
+ gens = sk_GENERAL_NAMES_value(gns, i);
+ for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
+ {
+ gen = sk_GENERAL_NAME_value(gens, j);
+ BIO_puts(out, " ");
+ GENERAL_NAME_print(out, gen);
+ BIO_puts(out, "\n");
+ }
+ }
+ return;
+ }
+
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+ {
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ CMS_ReceiptRequest *rr;
+ int allorfirst;
+ STACK_OF(GENERAL_NAMES) *rto, *rlist;
+ ASN1_STRING *scid;
+ int i, rv;
+ sis = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sis, i);
+ rv = CMS_get1_ReceiptRequest(si, &rr);
+ BIO_printf(bio_err, "Signer %d:\n", i + 1);
+ if (rv == 0)
+ BIO_puts(bio_err, " No Receipt Request\n");
+ else if (rv < 0)
+ {
+ BIO_puts(bio_err, " Receipt Request Parse Error\n");
+ ERR_print_errors(bio_err);
+ }
+ else
+ {
+ char *id;
+ int idlen;
+ CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+ &rlist, &rto);
+ BIO_puts(out, " Signed Content ID:\n");
+ idlen = ASN1_STRING_length(scid);
+ id = (char *)ASN1_STRING_data(scid);
+ BIO_dump_indent(out, id, idlen, 4);
+ BIO_puts(out, " Receipts From");
+ if (rlist)
+ {
+ BIO_puts(out, " List:\n");
+ gnames_stack_print(out, rlist);
+ }
+ else if (allorfirst == 1)
+ BIO_puts(out, ": First Tier\n");
+ else if (allorfirst == 0)
+ BIO_puts(out, ": All\n");
+ else
+ BIO_printf(out, " Unknown (%d)\n", allorfirst);
+ BIO_puts(out, " Receipts To:\n");
+ gnames_stack_print(out, rto);
+ }
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ }
+ }
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+ {
+ int i;
+ STACK_OF(GENERAL_NAMES) *ret;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ ret = sk_GENERAL_NAMES_new_null();
+ if (!ret)
+ goto err;
+ for (i = 0; i < sk_num(ns); i++)
+ {
+ CONF_VALUE cnf;
+ cnf.name = "email";
+ cnf.value = sk_value(ns, i);
+ gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);
+ if (!gen)
+ goto err;
+ gens = GENERAL_NAMES_new();
+ if (!gens)
+ goto err;
+ if (!sk_GENERAL_NAME_push(gens, gen))
+ goto err;
+ gen = NULL;
+ if (!sk_GENERAL_NAMES_push(ret, gens))
+ goto err;
+ gens = NULL;
+ }
+
+ return ret;
+
+ err:
+ if (ret)
+ sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+ if (gens)
+ GENERAL_NAMES_free(gens);
+ if (gen)
+ GENERAL_NAME_free(gen);
+ return NULL;
+ }
+
+
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+ STACK *rr_from)
+ {
+ STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+ CMS_ReceiptRequest *rr;
+ rct_to = make_names_stack(rr_to);
+ if (!rct_to)
+ goto err;
+ if (rr_from)
+ {
+ rct_from = make_names_stack(rr_from);
+ if (!rct_from)
+ goto err;
+ }
+ else
+ rct_from = NULL;
+ rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+ rct_to);
+ return rr;
+ err:
+ return NULL;
+ }
+
+#endif
goto end;
}
- in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
+ if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
BIO_printf(bio_err,"read DSA key\n");
- if (informat == FORMAT_ASN1) {
- if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
- else dsa=d2i_DSAPrivateKey_bio(in,NULL);
- } else if (informat == FORMAT_PEM) {
- if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
- } else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
+ {
+ EVP_PKEY *pkey;
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile, informat, 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include "apps.h" /* needs to be included before the openssl headers! */
#include <openssl/e_os2.h>
-#include <openssl/bio.h>
-#include <openssl/ocsp.h>
-#include <openssl/txt_db.h>
#include <openssl/ssl.h>
-#include "apps.h"
+#include <openssl/err.h>
/* Maximum leeway in validity period: default 5 minutes */
#define MAX_VALIDITY_PERIOD (5 * 60)
extern int s_time_main(int argc,char *argv[]);
extern int version_main(int argc,char *argv[]);
extern int pkcs7_main(int argc,char *argv[]);
+extern int cms_main(int argc,char *argv[]);
extern int crl2pkcs7_main(int argc,char *argv[]);
extern int sess_id_main(int argc,char *argv[]);
extern int ciphers_main(int argc,char *argv[]);
#endif
{FUNC_TYPE_GENERAL,"version",version_main},
{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+ {FUNC_TYPE_GENERAL,"cms",cms_main},
+#endif
{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^cms$/))
+ { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
else
{ print $str; }
}
message */
goto end;
}
- if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA ||
- EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
+ else
{
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
while(argc >= 1)
{
if (!strcmp(*argv,"-in")) {
- if (--argc < 1) badarg = 1;
- infile= *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ infile= *(++argv);
} else if (!strcmp(*argv,"-out")) {
- if (--argc < 1) badarg = 1;
- outfile= *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ outfile= *(++argv);
} else if(!strcmp(*argv, "-inkey")) {
- if (--argc < 1) badarg = 1;
- keyfile = *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyfile = *(++argv);
} else if (!strcmp(*argv,"-passin")) {
- if (--argc < 1) badarg = 1;
- passargin= *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ passargin= *(++argv);
} else if (strcmp(*argv,"-keyform") == 0) {
- if (--argc < 1) badarg = 1;
- keyform=str2fmt(*(++argv));
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyform=str2fmt(*(++argv));
#ifndef OPENSSL_NO_ENGINE
} else if(!strcmp(*argv, "-engine")) {
- if (--argc < 1) badarg = 1;
- engine = *(++argv);
+ if (--argc < 1)
+ badarg = 1;
+ else
+ engine = *(++argv);
#endif
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
int mbuf_len=0;
#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
- ENGINE *e=NULL;
+ char *ssl_client_engine_id=NULL;
+ ENGINE *e=NULL, *ssl_client_engine=NULL;
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
+ else if (strcmp(*argv,"-ssl_client_engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ ssl_client_engine_id = *(++argv);
+ }
#endif
else if (strcmp(*argv,"-rand") == 0)
{
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id)
+ {
+ ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
+ if (!ssl_client_engine)
+ {
+ BIO_printf(bio_err,
+ "Error getting client auth engine\n");
+ goto end;
+ }
+ }
#endif
if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
{
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
+ if (ssl_client_engine)
+ {
+ if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
+ {
+ BIO_puts(bio_err, "Error setting client auth engine\n");
+ ERR_print_errors(bio_err);
+ ENGINE_free(ssl_client_engine);
+ goto end;
+ }
+ ENGINE_free(ssl_client_engine);
+ }
+#endif
+
if (bugs)
SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
else
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
+ " The CRL(s) are appended to the certificate file\n");
+ BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
+ " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
+ " the certificate file.\n");
BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
{
vflags |= X509_V_FLAG_CRL_CHECK;
}
- else if (strcmp(*argv,"-crl_check") == 0)
+ else if (strcmp(*argv,"-crl_check_all") == 0)
{
vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
}
LIB=$(TOP)/libcrypto.a
LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
- aes_ctr.c aes_ige.c
-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \
+ aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
$(AES_ASM_OBJ)
SRC= $(LIBSRC)
const AES_KEY *key2, const unsigned char *ivec,
const int enc);
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
#ifdef __cplusplus
}
#include <stdlib.h>
#include <openssl/aes.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "aes_locl.h"
/*
--- /dev/null
+/* crypto/aes/aes_wrap.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/bio.h>
+
+static const unsigned char default_iv[] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+ {
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ if ((inlen & 0x7) || (inlen < 8))
+ return -1;
+ A = B;
+ t = 1;
+ memcpy(out + 8, in, inlen);
+ if (!iv)
+ iv = default_iv;
+
+ memcpy(A, iv, 8);
+
+ for (j = 0; j < 6; j++)
+ {
+ R = out + 8;
+ for (i = 0; i < inlen; i += 8, t++, R += 8)
+ {
+ memcpy(B + 8, R, 8);
+ AES_encrypt(B, B, key);
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff)
+ {
+ A[6] ^= (unsigned char)((t & 0xff) >> 8);
+ A[5] ^= (unsigned char)((t & 0xff) >> 16);
+ A[4] ^= (unsigned char)((t & 0xff) >> 24);
+ }
+ memcpy(R, B + 8, 8);
+ }
+ }
+ memcpy(out, A, 8);
+ return inlen + 8;
+ }
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+ {
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ inlen -= 8;
+ if (inlen & 0x7)
+ return -1;
+ if (inlen < 8)
+ return -1;
+ A = B;
+ t = 6 * (inlen >> 3);
+ memcpy(A, in, 8);
+ memcpy(out, in + 8, inlen);
+ for (j = 0; j < 6; j++)
+ {
+ R = out + inlen - 8;
+ for (i = 0; i < inlen; i += 8, t--, R -= 8)
+ {
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff)
+ {
+ A[6] ^= (unsigned char)((t & 0xff) >> 8);
+ A[5] ^= (unsigned char)((t & 0xff) >> 16);
+ A[4] ^= (unsigned char)((t & 0xff) >> 24);
+ }
+ memcpy(B + 8, R, 8);
+ AES_decrypt(B, B, key);
+ memcpy(R, B + 8, 8);
+ }
+ }
+ if (!iv)
+ iv = default_iv;
+ if (memcmp(A, iv, 8))
+ {
+ OPENSSL_cleanse(out, inlen);
+ return 0;
+ }
+ return inlen;
+ }
+
+#ifdef AES_WRAP_TEST
+
+int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
+ const unsigned char *iv,
+ const unsigned char *eout,
+ const unsigned char *key, int keylen)
+ {
+ unsigned char *otmp = NULL, *ptmp = NULL;
+ int r, ret = 0;
+ AES_KEY wctx;
+ otmp = OPENSSL_malloc(keylen + 8);
+ ptmp = OPENSSL_malloc(keylen);
+ if (!otmp || !ptmp)
+ return 0;
+ if (AES_set_encrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+ if (r <= 0)
+ goto err;
+
+ if (eout && memcmp(eout, otmp, keylen))
+ goto err;
+
+ if (AES_set_decrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+ if (memcmp(key, ptmp, keylen))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (otmp)
+ OPENSSL_free(otmp);
+ if (ptmp)
+ OPENSSL_free(ptmp);
+
+ return ret;
+
+ }
+
+
+
+int main(int argc, char **argv)
+{
+
+static const unsigned char kek[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+static const unsigned char key[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+static const unsigned char e1[] = {
+ 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+ 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+ 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+};
+
+static const unsigned char e2[] = {
+ 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+ 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+ 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+};
+
+static const unsigned char e3[] = {
+ 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+ 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+ 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+};
+
+static const unsigned char e4[] = {
+ 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+ 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+ 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+ 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+};
+
+static const unsigned char e5[] = {
+ 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+ 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+ 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+ 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+};
+
+static const unsigned char e6[] = {
+ 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+ 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+ 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+ 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+ 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+};
+
+ AES_KEY wctx, xctx;
+ int ret;
+ ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+ fprintf(stderr, "Key test result %d\n", ret);
+}
+
+
+#endif
#
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
# ====================================================================
#
-# Version 4.3.
+# Version 3.6.
#
# You might fail to appreciate this module performance from the first
# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
# AMD K8 20 19
# PIII 25 23
# Pentium 81 78
-#
-# Version 3.7 reimplements outer rounds as "compact." Meaning that
-# first and last rounds reference compact 256 bytes S-box. This means
-# that first round consumes a lot more CPU cycles and that encrypt
-# and decrypt performance becomes asymmetric. Encrypt performance
-# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
-# aggressively pre-fetched.
-#
-# Version 4.0 effectively rolls back to 3.6 and instead implements
-# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
-# which use exclusively 256 byte S-box. These functions are to be
-# called in modes not concealing plain text, such as ECB, or when
-# we're asked to process smaller amount of data [or unconditionally
-# on hyper-threading CPU]. Currently it's called unconditionally from
-# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
-# still needs to be modified to switch between slower and faster
-# mode when appropriate... But in either case benchmark landscape
-# changes dramatically and below numbers are CPU cycles per processed
-# byte for 128-bit key.
-#
-# ECB encrypt ECB decrypt CBC large chunk
-# P4 56[60] 84[100] 23
-# AMD K8 48[44] 70[79] 18
-# PIII 41[50] 61[91] 24
-# Core 2 32[38] 45[70] 18.5
-# Pentium 120 160 77
-#
-# Version 4.1 switches to compact S-box even in key schedule setup.
-#
-# Version 4.2 prefetches compact S-box in every SSE round or in other
-# words every cache-line is *guaranteed* to be accessed within ~50
-# cycles window. Why just SSE? Because it's needed on hyper-threading
-# CPU! Which is also why it's prefetched with 64 byte stride. Best
-# part is that it has no negative effect on performance:-)
-#
-# Version 4.3 implements switch between compact and non-compact block
-# functions in AES_cbc_encrypt depending on how much data was asked
-# to be processed in one stroke.
-#
-######################################################################
-# Timing attacks are classified in two classes: synchronous when
-# attacker consciously initiates cryptographic operation and collects
-# timing data of various character afterwards, and asynchronous when
-# malicious code is executed on same CPU simultaneously with AES,
-# instruments itself and performs statistical analysis of this data.
-#
-# As far as synchronous attacks go the root to the AES timing
-# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
-# are referred to in single 128-bit block operation. Well, in C
-# implementation with 4 distinct tables it's actually as little as 40
-# references per 256 elements table, but anyway... Secondly, even
-# though S-box elements are clustered into smaller amount of cache-
-# lines, smaller than 160 and even 40, it turned out that for certain
-# plain-text pattern[s] or simply put chosen plain-text and given key
-# few cache-lines remain unaccessed during block operation. Now, if
-# attacker can figure out this access pattern, he can deduct the key
-# [or at least part of it]. The natural way to mitigate this kind of
-# attacks is to minimize the amount of cache-lines in S-box and/or
-# prefetch them to ensure that every one is accessed for more uniform
-# timing. But note that *if* plain-text was concealed in such way that
-# input to block function is distributed *uniformly*, then attack
-# wouldn't apply. Now note that some encryption modes, most notably
-# CBC, do mask the plain-text in this exact way [secure cipher output
-# is distributed uniformly]. Yes, one still might find input that
-# would reveal the information about given key, but if amount of
-# candidate inputs to be tried is larger than amount of possible key
-# combinations then attack becomes infeasible. This is why revised
-# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
-# of data is to be processed in one stroke. The current size limit of
-# 512 bytes is chosen to provide same [diminishigly low] probability
-# for cache-line to remain untouched in large chunk operation with
-# large S-box as for single block operation with compact S-box and
-# surely needs more careful consideration...
-#
-# As for asynchronous attacks. There are two flavours: attacker code
-# being interleaved with AES on hyper-threading CPU at *instruction*
-# level, and two processes time sharing single core. As for latter.
-# Two vectors. 1. Given that attacker process has higher priority,
-# yield execution to process performing AES just before timer fires
-# off the scheduler, immediately regain control of CPU and analyze the
-# cache state. For this attack to be efficient attacker would have to
-# effectively slow down the operation by several *orders* of magnitute,
-# by ratio of time slice to duration of handful of AES rounds, which
-# unlikely to remain unnoticed. Not to mention that this also means
-# that he would spend correspondigly more time to collect enough
-# statistical data to mount the attack. It's probably appropriate to
-# say that if adeversary reckons that this attack is beneficial and
-# risks to be noticed, you probably have larger problems having him
-# mere opportunity. In other words suggested code design expects you
-# to preclude/mitigate this attack by overall system security design.
-# 2. Attacker manages to make his code interrupt driven. In order for
-# this kind of attack to be feasible, interrupt rate has to be high
-# enough, again comparable to duration of handful of AES rounds. But
-# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
-# generates interrupts at such raging rate...
-#
-# And now back to the former, hyper-threading CPU or more specifically
-# Intel P4. Recall that asynchronous attack implies that malicious
-# code instruments itself. And naturally instrumentation granularity
-# has be noticeably lower than duration of codepath accessing S-box.
-# Given that all cache-lines are accessed during that time that is.
-# Current implementation accesses *all* cache-lines within ~50 cycles
-# window, which is actually *less* than RDTSC latency on Intel P4!
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
+
+push(@INC,"perlasm","../../perlasm");
require "x86asm.pl";
-&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
$s0="eax";
$s1="ebx";
$s3="edx";
$key="edi";
$acc="esi";
-$tbl="ebp";
-
-# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
-# by caller
-$__ra=&DWP(0,"esp"); # return address
-$__s0=&DWP(4,"esp"); # s0 backing store
-$__s1=&DWP(8,"esp"); # s1 backing store
-$__s2=&DWP(12,"esp"); # s2 backing store
-$__s3=&DWP(16,"esp"); # s3 backing store
-$__key=&DWP(20,"esp"); # pointer to key schedule
-$__end=&DWP(24,"esp"); # pointer to end of key schedule
-$__tbl=&DWP(28,"esp"); # %ebp backing store
-
-# stack frame layout in AES_[en|crypt] routines, which differs from
-# above by 4 and overlaps by %ebp backing store
-$_tbl=&DWP(24,"esp");
-$_esp=&DWP(28,"esp");
-
-sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
-$speed_limit=512; # chunks smaller than $speed_limit are
- # processed with compact routine in CBC mode
+$compromise=0; # $compromise=128 abstains from copying key
+ # schedule to stack when encrypting inputs
+ # shorter than 128 bytes at the cost of
+ # risksing aliasing with S-boxes. In return
+ # you get way better, up to +70%, small block
+ # performance.
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
# recent µ-archs], but ~5 times smaller!
# I favor compact code to minimize cache
# contention and in hope to "collect" 5% back
# in real-life applications...
-
$vertical_spin=0; # shift "verticaly" defaults to 0, because of
# its proof-of-concept status...
+
# Note that there is no decvert(), as well as last encryption round is
# performed with "horizontal" shifts. This is because this "vertical"
# implementation [one which groups shifts on a given $s[i] to form a
&movz ($v0,&HB($v1));
&and ($v1,0xFF);
&xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16
- &mov ($key,$__key); # reincarnate v1 as key
+ &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key
&xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24
}
-# Another experimental routine, which features "horizontal spin," but
-# eliminates one reference to stack. Strangely enough runs slower...
-sub enchoriz()
-{ my $v0 = $key, $v1 = $acc;
-
- &movz ($v0,&LB($s0)); # 3, 2, 1, 0*
- &rotr ($s2,8); # 8,11,10, 9
- &mov ($v1,&DWP(0,$te,$v0,8)); # 0
- &movz ($v0,&HB($s1)); # 7, 6, 5*, 4
- &rotr ($s3,16); # 13,12,15,14
- &xor ($v1,&DWP(3,$te,$v0,8)); # 5
- &movz ($v0,&HB($s2)); # 8,11,10*, 9
- &rotr ($s0,16); # 1, 0, 3, 2
- &xor ($v1,&DWP(2,$te,$v0,8)); # 10
- &movz ($v0,&HB($s3)); # 13,12,15*,14
- &xor ($v1,&DWP(1,$te,$v0,8)); # 15, t[0] collected
- &mov ($__s0,$v1); # t[0] saved
-
- &movz ($v0,&LB($s1)); # 7, 6, 5, 4*
- &shr ($s1,16); # -, -, 7, 6
- &mov ($v1,&DWP(0,$te,$v0,8)); # 4
- &movz ($v0,&LB($s3)); # 13,12,15,14*
- &xor ($v1,&DWP(2,$te,$v0,8)); # 14
- &movz ($v0,&HB($s0)); # 1, 0, 3*, 2
- &and ($s3,0xffff0000); # 13,12, -, -
- &xor ($v1,&DWP(1,$te,$v0,8)); # 3
- &movz ($v0,&LB($s2)); # 8,11,10, 9*
- &or ($s3,$s1); # 13,12, 7, 6
- &xor ($v1,&DWP(3,$te,$v0,8)); # 9, t[1] collected
- &mov ($s1,$v1); # s[1]=t[1]
-
- &movz ($v0,&LB($s0)); # 1, 0, 3, 2*
- &shr ($s2,16); # -, -, 8,11
- &mov ($v1,&DWP(2,$te,$v0,8)); # 2
- &movz ($v0,&HB($s3)); # 13,12, 7*, 6
- &xor ($v1,&DWP(1,$te,$v0,8)); # 7
- &movz ($v0,&HB($s2)); # -, -, 8*,11
- &xor ($v1,&DWP(0,$te,$v0,8)); # 8
- &mov ($v0,$s3);
- &shr ($v0,24); # 13
- &xor ($v1,&DWP(3,$te,$v0,8)); # 13, t[2] collected
-
- &movz ($v0,&LB($s2)); # -, -, 8,11*
- &shr ($s0,24); # 1*
- &mov ($s2,&DWP(1,$te,$v0,8)); # 11
- &xor ($s2,&DWP(3,$te,$s0,8)); # 1
- &mov ($s0,$__s0); # s[0]=t[0]
- &movz ($v0,&LB($s3)); # 13,12, 7, 6*
- &shr ($s3,16); # , ,13,12
- &xor ($s2,&DWP(2,$te,$v0,8)); # 6
- &mov ($key,$__key); # reincarnate v0 as key
- &and ($s3,0xff); # , ,13,12*
- &mov ($s3,&DWP(0,$te,$s3,8)); # 12
- &xor ($s3,$s2); # s[2]=t[3] collected
- &mov ($s2,$v1); # s[2]=t[2]
-}
-
-# More experimental code... SSE one... Even though this one eliminates
-# *all* references to stack, it's not faster...
-sub sse_encbody()
-{
- &movz ($acc,&LB("eax")); # 0
- &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 0
- &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2
- &movz ("edx",&HB("eax")); # 1
- &mov ("edx",&DWP(3,$tbl,"edx",8)); # 1
- &shr ("eax",16); # 5, 4
-
- &movz ($acc,&LB("ebx")); # 10
- &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 10
- &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8
- &movz ($acc,&HB("ebx")); # 11
- &xor ("edx",&DWP(1,$tbl,$acc,8)); # 11
- &shr ("ebx",16); # 15,14
-
- &movz ($acc,&HB("eax")); # 5
- &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 5
- &movq ("mm3",QWP(16,$key));
- &movz ($acc,&HB("ebx")); # 15
- &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 15
- &movd ("mm0","ecx"); # t[0] collected
-
- &movz ($acc,&LB("eax")); # 4
- &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 4
- &movd ("eax","mm2"); # 7, 6, 3, 2
- &movz ($acc,&LB("ebx")); # 14
- &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 14
- &movd ("ebx","mm6"); # 13,12, 9, 8
-
- &movz ($acc,&HB("eax")); # 3
- &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 3
- &movz ($acc,&HB("ebx")); # 9
- &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 9
- &movd ("mm1","ecx"); # t[1] collected
-
- &movz ($acc,&LB("eax")); # 2
- &mov ("ecx",&DWP(2,$tbl,$acc,8)); # 2
- &shr ("eax",16); # 7, 6
- &punpckldq ("mm0","mm1"); # t[0,1] collected
- &movz ($acc,&LB("ebx")); # 8
- &xor ("ecx",&DWP(0,$tbl,$acc,8)); # 8
- &shr ("ebx",16); # 13,12
-
- &movz ($acc,&HB("eax")); # 7
- &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 7
- &pxor ("mm0","mm3");
- &movz ("eax",&LB("eax")); # 6
- &xor ("edx",&DWP(2,$tbl,"eax",8)); # 6
- &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0
- &movz ($acc,&HB("ebx")); # 13
- &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 13
- &xor ("ecx",&DWP(24,$key)); # t[2]
- &movd ("mm4","ecx"); # t[2] collected
- &movz ("ebx",&LB("ebx")); # 12
- &xor ("edx",&DWP(0,$tbl,"ebx",8)); # 12
- &shr ("ecx",16);
- &movd ("eax","mm1"); # 5, 4, 1, 0
- &mov ("ebx",&DWP(28,$key)); # t[3]
- &xor ("ebx","edx");
- &movd ("mm5","ebx"); # t[3] collected
- &and ("ebx",0xffff0000);
- &or ("ebx","ecx");
-
- &punpckldq ("mm4","mm5"); # t[2,3] collected
-}
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub enccompact()
-{ my $Fn = mov;
- while ($#_>5) { pop(@_); $Fn=sub{}; }
- my ($i,$te,@s)=@_;
- my $tmp = $key;
- my $out = $i==3?$s[0]:$acc;
-
- # $Fn is used in first compact round and its purpose is to
- # void restoration of some values from stack, so that after
- # 4xenccompact with extra argument $key value is left there...
- if ($i==3) { &$Fn ($key,$__key); }##%edx
- else { &mov ($out,$s[0]); }
- &and ($out,0xFF);
- if ($i==1) { &shr ($s[0],16); }#%ebx[1]
- if ($i==2) { &shr ($s[0],24); }#%ecx[2]
- &movz ($out,&BP(-128,$te,$out,1));
-
- if ($i==3) { $tmp=$s[1]; }##%eax
- &movz ($tmp,&HB($s[1]));
- &movz ($tmp,&BP(-128,$te,$tmp,1));
- &shl ($tmp,8);
- &xor ($out,$tmp);
-
- if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx
- else { &mov ($tmp,$s[2]);
- &shr ($tmp,16); }
- if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
- &and ($tmp,0xFF);
- &movz ($tmp,&BP(-128,$te,$tmp,1));
- &shl ($tmp,16);
- &xor ($out,$tmp);
-
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx
- elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
- else { &mov ($tmp,$s[3]);
- &shr ($tmp,24); }
- &movz ($tmp,&BP(-128,$te,$tmp,1));
- &shl ($tmp,24);
- &xor ($out,$tmp);
- if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
- if ($i==3) { &mov ($s[3],$acc); }
- &comment();
-}
-
-sub enctransform()
-{ my @s = ($s0,$s1,$s2,$s3);
- my $i = shift;
- my $tmp = $tbl;
- my $r2 = $key ;
-
- &mov ($acc,$s[$i]);
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($r2,&DWP(0,$s[$i],$s[$i]));
- &sub ($acc,$tmp);
- &and ($r2,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &mov ($tmp,$s[$i]);
- &xor ($acc,$r2); # r2
-
- &xor ($s[$i],$acc); # r0 ^ r2
- &rotl ($s[$i],24);
- &xor ($s[$i],$acc) # ROTATE(r2^r0,24) ^ r2
- &rotr ($tmp,16);
- &xor ($s[$i],$tmp);
- &rotr ($tmp,8);
- &xor ($s[$i],$tmp);
-}
-
-&public_label("AES_Te");
-&function_begin_B("_x86_AES_encrypt_compact");
- # note that caller is expected to allocate stack frame for me!
- &mov ($__key,$key); # save key
-
- &xor ($s0,&DWP(0,$key)); # xor with key
- &xor ($s1,&DWP(4,$key));
- &xor ($s2,&DWP(8,$key));
- &xor ($s3,&DWP(12,$key));
-
- &mov ($acc,&DWP(240,$key)); # load key->rounds
- &lea ($acc,&DWP(-2,$acc,$acc));
- &lea ($acc,&DWP(0,$key,$acc,8));
- &mov ($__end,$acc); # end of key schedule
-
- # prefetch Te4
- &mov ($key,&DWP(0-128,$tbl));
- &mov ($acc,&DWP(32-128,$tbl));
- &mov ($key,&DWP(64-128,$tbl));
- &mov ($acc,&DWP(96-128,$tbl));
- &mov ($key,&DWP(128-128,$tbl));
- &mov ($acc,&DWP(160-128,$tbl));
- &mov ($key,&DWP(192-128,$tbl));
- &mov ($acc,&DWP(224-128,$tbl));
-
- &set_label("loop",16);
-
- &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
- &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
- &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
- &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
- &enctransform(2);
- &enctransform(3);
- &enctransform(0);
- &enctransform(1);
- &mov ($key,$__key);
- &mov ($tbl,$__tbl);
- &add ($key,16); # advance rd_key
- &xor ($s0,&DWP(0,$key));
- &xor ($s1,&DWP(4,$key));
- &xor ($s2,&DWP(8,$key));
- &xor ($s3,&DWP(12,$key));
-
- &cmp ($key,$__end);
- &mov ($__key,$key);
- &jb (&label("loop"));
-
- &enccompact(0,$tbl,$s0,$s1,$s2,$s3);
- &enccompact(1,$tbl,$s1,$s2,$s3,$s0);
- &enccompact(2,$tbl,$s2,$s3,$s0,$s1);
- &enccompact(3,$tbl,$s3,$s0,$s1,$s2);
-
- &xor ($s0,&DWP(16,$key));
- &xor ($s1,&DWP(20,$key));
- &xor ($s2,&DWP(24,$key));
- &xor ($s3,&DWP(28,$key));
-
- &ret ();
-&function_end_B("_x86_AES_encrypt_compact");
-
-######################################################################
-# "Compact" SSE block function.
-######################################################################
-#
-# Performance is not actually extraordinary in comparison to pure
-# x86 code. In particular encrypt performance is virtually the same.
-# Decrypt performance on the other hand is 15-20% better on newer
-# µ-archs [but we're thankful for *any* improvement here], and ~50%
-# better on PIII:-) And additionally on the pros side this code
-# eliminates redundant references to stack and thus relieves/
-# minimizes the pressure on the memory bus.
-#
-# MMX register layout lsb
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# | mm4 | mm0 |
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# | s3 | s2 | s1 | s0 |
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-#
-# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
-# In this terms encryption and decryption "compact" permutation
-# matrices can be depicted as following:
-#
-# encryption lsb # decryption lsb
-# +----++----+----+----+----+ # +----++----+----+----+----+
-# | t0 || 15 | 10 | 5 | 0 | # | t0 || 7 | 10 | 13 | 0 |
-# +----++----+----+----+----+ # +----++----+----+----+----+
-# | t1 || 3 | 14 | 9 | 4 | # | t1 || 11 | 14 | 1 | 4 |
-# +----++----+----+----+----+ # +----++----+----+----+----+
-# | t2 || 7 | 2 | 13 | 8 | # | t2 || 15 | 2 | 5 | 8 |
-# +----++----+----+----+----+ # +----++----+----+----+----+
-# | t3 || 11 | 6 | 1 | 12 | # | t3 || 3 | 6 | 9 | 12 |
-# +----++----+----+----+----+ # +----++----+----+----+----+
-#
-######################################################################
-# Why not xmm registers? Short answer. It was actually tested and
-# was not any faster, but *contrary*, most notably on Intel CPUs.
-# Longer answer. Main advantage of using mm registers is that movd
-# latency is lower, especially on Intel P4. While arithmetic
-# instructions are twice as many, they can be scheduled every cycle
-# and not every second one when they are operating on xmm register,
-# so that "arithmetic throughput" remains virtually the same. And
-# finally the code can be executed even on elder SSE-only CPUs:-)
-
-sub sse_enccompact()
-{
- &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0
- &pshufw ("mm5","mm4",0x0d); # 15,14,11,10
- &movd ("eax","mm1"); # 5, 4, 1, 0
- &movd ("ebx","mm5"); # 15,14,11,10
-
- &movz ($acc,&LB("eax")); # 0
- &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
- &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2
- &movz ("edx",&HB("eax")); # 1
- &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1
- &shl ("edx",8); # 1
- &shr ("eax",16); # 5, 4
-
- &movz ($acc,&LB("ebx")); # 10
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 10
- &shl ($acc,16); # 10
- &or ("ecx",$acc); # 10
- &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8
- &movz ($acc,&HB("ebx")); # 11
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 11
- &shl ($acc,24); # 11
- &or ("edx",$acc); # 11
- &shr ("ebx",16); # 15,14
-
- &movz ($acc,&HB("eax")); # 5
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 5
- &shl ($acc,8); # 5
- &or ("ecx",$acc); # 5
- &movz ($acc,&HB("ebx")); # 15
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 15
- &shl ($acc,24); # 15
- &or ("ecx",$acc); # 15
- &movd ("mm0","ecx"); # t[0] collected
-
- &movz ($acc,&LB("eax")); # 4
- &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 4
- &movd ("eax","mm2"); # 7, 6, 3, 2
- &movz ($acc,&LB("ebx")); # 14
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 14
- &shl ($acc,16); # 14
- &or ("ecx",$acc); # 14
-
- &movd ("ebx","mm6"); # 13,12, 9, 8
- &movz ($acc,&HB("eax")); # 3
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 3
- &shl ($acc,24); # 3
- &or ("ecx",$acc); # 3
- &movz ($acc,&HB("ebx")); # 9
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 9
- &shl ($acc,8); # 9
- &or ("ecx",$acc); # 9
- &movd ("mm1","ecx"); # t[1] collected
-
- &movz ($acc,&LB("ebx")); # 8
- &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 8
- &shr ("ebx",16); # 13,12
- &movz ($acc,&LB("eax")); # 2
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 2
- &shl ($acc,16); # 2
- &or ("ecx",$acc); # 2
- &shr ("eax",16); # 7, 6
-
- &punpckldq ("mm0","mm1"); # t[0,1] collected
-
- &movz ($acc,&HB("eax")); # 7
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 7
- &shl ($acc,24); # 7
- &or ("ecx",$acc); # 7
- &and ("eax",0xff); # 6
- &movz ("eax",&BP(-128,$tbl,"eax",1)); # 6
- &shl ("eax",16); # 6
- &or ("edx","eax"); # 6
- &movz ($acc,&HB("ebx")); # 13
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 13
- &shl ($acc,8); # 13
- &or ("ecx",$acc); # 13
- &movd ("mm4","ecx"); # t[2] collected
- &and ("ebx",0xff); # 12
- &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12
- &or ("edx","ebx"); # 12
- &movd ("mm5","edx"); # t[3] collected
-
- &punpckldq ("mm4","mm5"); # t[2,3] collected
-}
-
- if (!$x86only) {
-&public_label("AES_Te");
-&function_begin_B("_sse_AES_encrypt_compact");
- &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0
- &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8
-
- # note that caller is expected to allocate stack frame for me!
- &mov ($acc,&DWP(240,$key)); # load key->rounds
- &lea ($acc,&DWP(-2,$acc,$acc));
- &lea ($acc,&DWP(0,$key,$acc,8));
- &mov ($__end,$acc); # end of key schedule
-
- &mov ($s0,0x1b1b1b1b); # magic constant
- &mov (&DWP(8,"esp"),$s0);
- &mov (&DWP(12,"esp"),$s0);
-
- # prefetch Te4
- &mov ($s0,&DWP(0-128,$tbl));
- &mov ($s1,&DWP(32-128,$tbl));
- &mov ($s2,&DWP(64-128,$tbl));
- &mov ($s3,&DWP(96-128,$tbl));
- &mov ($s0,&DWP(128-128,$tbl));
- &mov ($s1,&DWP(160-128,$tbl));
- &mov ($s2,&DWP(192-128,$tbl));
- &mov ($s3,&DWP(224-128,$tbl));
-
- &set_label("loop",16);
- &sse_enccompact();
- &add ($key,16);
- &cmp ($key,$__end);
- &ja (&label("out"));
-
- &movq ("mm2",&QWP(8,"esp"));
- &pxor ("mm3","mm3"); &pxor ("mm7","mm7");
- &movq ("mm1","mm0"); &movq ("mm5","mm4"); # r0
- &pcmpgtb("mm3","mm0"); &pcmpgtb("mm7","mm4");
- &pand ("mm3","mm2"); &pand ("mm7","mm2");
- &pshufw ("mm2","mm0",0xb1); &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16)
- &paddb ("mm0","mm0"); &paddb ("mm4","mm4");
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # = r2
- &pshufw ("mm3","mm2",0xb1); &pshufw ("mm7","mm6",0xb1);# r0
- &pxor ("mm1","mm0"); &pxor ("mm5","mm4"); # r0^r2
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(r0,16)
-
- &movq ("mm2","mm3"); &movq ("mm6","mm7");
- &pslld ("mm3",8); &pslld ("mm7",8);
- &psrld ("mm2",24); &psrld ("mm6",24);
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= r0<<8
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= r0>>24
-
- &movq ("mm3","mm1"); &movq ("mm7","mm5");
- &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key));
- &psrld ("mm1",8); &psrld ("mm5",8);
- &mov ($s0,&DWP(0-128,$tbl));
- &pslld ("mm3",24); &pslld ("mm7",24);
- &mov ($s1,&DWP(64-128,$tbl));
- &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= (r2^r0)<<8
- &mov ($s2,&DWP(128-128,$tbl));
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= (r2^r0)>>24
- &mov ($s3,&DWP(192-128,$tbl));
-
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6");
- &jmp (&label("loop"));
-
- &set_label("out",16);
- &pxor ("mm0",&QWP(0,$key));
- &pxor ("mm4",&QWP(8,$key));
-
- &ret ();
-&function_end_B("_sse_AES_encrypt_compact");
- }
-
-######################################################################
-# Vanilla block function.
-######################################################################
-
sub encstep()
{ my ($i,$te,@s) = @_;
my $tmp = $key;
my $out = $i==3?$s[0]:$acc;
# lines marked with #%e?x[i] denote "reordered" instructions...
- if ($i==3) { &mov ($key,$__key); }##%edx
+ if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx
else { &mov ($out,$s[0]);
&and ($out,0xFF); }
if ($i==1) { &shr ($s[0],16); }#%ebx[1]
&movz ($tmp,&HB($s[1]));
&xor ($out,&DWP(3,$te,$tmp,8));
- if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
else { &mov ($tmp,$s[2]);
&shr ($tmp,16); }
if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
&and ($tmp,0xFF);
&xor ($out,&DWP(2,$te,$tmp,8));
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
else { &mov ($tmp,$s[3]);
&shr ($tmp,24) }
my $tmp = $key;
my $out = $i==3?$s[0]:$acc;
- if ($i==3) { &mov ($key,$__key); }##%edx
+ if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
if ($i==1) { &shr ($s[0],16); }#%ebx[1]
&and ($tmp,0x0000ff00);
&xor ($out,$tmp);
- if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx
- else { &mov ($tmp,$s[2]);
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+ else { mov ($tmp,$s[2]);
&shr ($tmp,16); }
if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
&and ($tmp,0xFF);
&and ($tmp,0x00ff0000);
&xor ($out,$tmp);
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
else { &mov ($tmp,$s[3]);
&shr ($tmp,24); }
if ($i==3) { &mov ($s[3],$acc); }
}
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+
&public_label("AES_Te");
&function_begin_B("_x86_AES_encrypt");
if ($vertical_spin) {
}
# note that caller is expected to allocate stack frame for me!
- &mov ($__key,$key); # save key
+ &mov (&DWP(12,"esp"),$key); # save key
&xor ($s0,&DWP(0,$key)); # xor with key
&xor ($s1,&DWP(4,$key));
if ($small_footprint) {
&lea ($acc,&DWP(-2,$acc,$acc));
&lea ($acc,&DWP(0,$key,$acc,8));
- &mov ($__end,$acc); # end of key schedule
-
- &set_label("loop",16);
+ &mov (&DWP(16,"esp"),$acc); # end of key schedule
+ &align (4);
+ &set_label("loop");
if ($vertical_spin) {
- &encvert($tbl,$s0,$s1,$s2,$s3);
+ &encvert("ebp",$s0,$s1,$s2,$s3);
} else {
- &encstep(0,$tbl,$s0,$s1,$s2,$s3);
- &encstep(1,$tbl,$s1,$s2,$s3,$s0);
- &encstep(2,$tbl,$s2,$s3,$s0,$s1);
- &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
}
&add ($key,16); # advance rd_key
&xor ($s0,&DWP(0,$key));
&xor ($s1,&DWP(4,$key));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &cmp ($key,$__end);
- &mov ($__key,$key);
+ &cmp ($key,&DWP(16,"esp"));
+ &mov (&DWP(12,"esp"),$key);
&jb (&label("loop"));
}
else {
&cmp ($acc,12);
&jle (&label("12rounds"));
- &set_label("14rounds",4);
+ &set_label("14rounds");
for ($i=1;$i<3;$i++) {
if ($vertical_spin) {
- &encvert($tbl,$s0,$s1,$s2,$s3);
+ &encvert("ebp",$s0,$s1,$s2,$s3);
} else {
- &encstep(0,$tbl,$s0,$s1,$s2,$s3);
- &encstep(1,$tbl,$s1,$s2,$s3,$s0);
- &encstep(2,$tbl,$s2,$s3,$s0,$s1);
- &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
}
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov ($__key,$key); # advance rd_key
- &set_label("12rounds",4);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("12rounds");
for ($i=1;$i<3;$i++) {
if ($vertical_spin) {
- &encvert($tbl,$s0,$s1,$s2,$s3);
+ &encvert("ebp",$s0,$s1,$s2,$s3);
} else {
- &encstep(0,$tbl,$s0,$s1,$s2,$s3);
- &encstep(1,$tbl,$s1,$s2,$s3,$s0);
- &encstep(2,$tbl,$s2,$s3,$s0,$s1);
- &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
}
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov ($__key,$key); # advance rd_key
- &set_label("10rounds",4);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("10rounds");
for ($i=1;$i<10;$i++) {
if ($vertical_spin) {
- &encvert($tbl,$s0,$s1,$s2,$s3);
+ &encvert("ebp",$s0,$s1,$s2,$s3);
} else {
- &encstep(0,$tbl,$s0,$s1,$s2,$s3);
- &encstep(1,$tbl,$s1,$s2,$s3,$s0);
- &encstep(2,$tbl,$s2,$s3,$s0,$s1);
- &encstep(3,$tbl,$s3,$s0,$s1,$s2);
+ &encstep(0,"ebp",$s0,$s1,$s2,$s3);
+ &encstep(1,"ebp",$s1,$s2,$s3,$s0);
+ &encstep(2,"ebp",$s2,$s3,$s0,$s1);
+ &encstep(3,"ebp",$s3,$s0,$s1,$s2);
}
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&mov ($s1="ebx",$key="edi");
&mov ($s2="ecx",$acc="esi");
}
- &enclast(0,$tbl,$s0,$s1,$s2,$s3);
- &enclast(1,$tbl,$s1,$s2,$s3,$s0);
- &enclast(2,$tbl,$s2,$s3,$s0,$s1);
- &enclast(3,$tbl,$s3,$s0,$s1,$s2);
+ &enclast(0,"ebp",$s0,$s1,$s2,$s3);
+ &enclast(1,"ebp",$s1,$s2,$s3,$s0);
+ &enclast(2,"ebp",$s2,$s3,$s0,$s1);
+ &enclast(3,"ebp",$s3,$s0,$s1,$s2);
&add ($key,$small_footprint?16:160);
&xor ($s0,&DWP(0,$key));
&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-
-#Te4 # four copies of Te4 to choose from to avoid L1 aliasing
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
#rcon:
&data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
&data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
- &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
- &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
+ &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0);
&function_end_B("_x86_AES_encrypt");
# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
&mov ($key,&wparam(2)); # load key
&mov ($s0,"esp");
- &sub ("esp",36);
- &and ("esp",-64); # align to cache-line
-
- # place stack frame just "above" the key schedule
- &lea ($s1,&DWP(-64-63,$key));
- &sub ($s1,"esp");
- &neg ($s1);
- &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line
- &sub ("esp",$s1);
- &add ("esp",4); # 4 is reserved for caller's return address
- &mov ($_esp,$s0); # save stack pointer
+ &sub ("esp",24);
+ &and ("esp",-64);
+ &add ("esp",4);
+ &mov (&DWP(16,"esp"),$s0);
&call (&label("pic_point")); # make it PIC!
&set_label("pic_point");
- &blindpop($tbl);
- &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
- &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-
- # pick Te4 copy which can't "overlap" with stack frame or key schedule
- &lea ($s1,&DWP(768-4,"esp"));
- &sub ($s1,$tbl);
- &and ($s1,0x300);
- &lea ($tbl,&DWP(2048+128,$tbl,$s1));
-
- if (!$x86only) {
- &bt (&DWP(0,$s0),25); # check for SSE bit
- &jnc (&label("x86"));
-
- &movq ("mm0",&QWP(0,$acc));
- &movq ("mm4",&QWP(8,$acc));
- &call ("_sse_AES_encrypt_compact");
- &mov ("esp",$_esp); # restore stack pointer
- &mov ($acc,&wparam(1)); # load out
- &movq (&QWP(0,$acc),"mm0"); # write output data
- &movq (&QWP(8,$acc),"mm4");
- &emms ();
- &function_end_A();
- }
- &set_label("x86",16);
- &mov ($_tbl,$tbl);
+ &blindpop("ebp");
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
&mov ($s0,&DWP(0,$acc)); # load input data
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
- &call ("_x86_AES_encrypt_compact");
- &mov ("esp",$_esp); # restore stack pointer
+
+ &call ("_x86_AES_encrypt");
+
+ &mov ("esp",&DWP(16,"esp"));
+
&mov ($acc,&wparam(1)); # load out
&mov (&DWP(0,$acc),$s0); # write output data
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(12,$acc),$s3);
&function_end("AES_encrypt");
-#--------------------------------------------------------------------#
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub deccompact()
-{ my $Fn = mov;
- while ($#_>5) { pop(@_); $Fn=sub{}; }
- my ($i,$td,@s)=@_;
- my $tmp = $key;
- my $out = $i==3?$s[0]:$acc;
-
- # $Fn is used in first compact round and its purpose is to
- # void restoration of some values from stack, so that after
- # 4xdeccompact with extra argument $key, $s0 and $s1 values
- # are left there...
- if($i==3) { &$Fn ($key,$__key); }
- else { &mov ($out,$s[0]); }
- &and ($out,0xFF);
- &movz ($out,&BP(-128,$td,$out,1));
-
- if ($i==3) { $tmp=$s[1]; }
- &movz ($tmp,&HB($s[1]));
- &movz ($tmp,&BP(-128,$td,$tmp,1));
- &shl ($tmp,8);
- &xor ($out,$tmp);
-
- if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
- else { mov ($tmp,$s[2]); }
- &shr ($tmp,16);
- &and ($tmp,0xFF);
- &movz ($tmp,&BP(-128,$td,$tmp,1));
- &shl ($tmp,16);
- &xor ($out,$tmp);
-
- if ($i==3) { $tmp=$s[3]; &$Fn ($s[2],$__s1); }
- else { &mov ($tmp,$s[3]); }
- &shr ($tmp,24);
- &movz ($tmp,&BP(-128,$td,$tmp,1));
- &shl ($tmp,24);
- &xor ($out,$tmp);
- if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
- if ($i==3) { &$Fn ($s[3],$__s0); }
-}
-
-# must be called with 2,3,0,1 as argument sequence!!!
-sub dectransform()
-{ my @s = ($s0,$s1,$s2,$s3);
- my $i = shift;
- my $tmp = $key;
- my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
- my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
- my $tp8 = $tbl;
-
- &mov ($acc,$s[$i]);
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($tp2,&DWP(0,$s[$i],$s[$i]));
- &sub ($acc,$tmp);
- &and ($tp2,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &xor ($acc,$tp2);
- &mov ($tp2,$acc);
-
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($tp4,&DWP(0,$tp2,$tp2));
- &sub ($acc,$tmp);
- &and ($tp4,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &xor ($tp2,$s[$i]); # tp2^tp1
- &xor ($acc,$tp4);
- &mov ($tp4,$acc);
-
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($tp8,&DWP(0,$tp4,$tp4));
- &sub ($acc,$tmp);
- &and ($tp8,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &xor ($tp4,$s[$i]); # tp4^tp1
- &rotl ($s[$i],8); # = ROTATE(tp1,8)
- &xor ($tp8,$acc);
-
- &xor ($s[$i],$tp2);
- &xor ($tp2,$tp8);
- &rotl ($tp2,24);
- &xor ($s[$i],$tp4);
- &xor ($tp4,$tp8);
- &rotl ($tp4,16);
- &xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1)
- &rotl ($tp8,8);
- &xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24)
- &xor ($s[$i],$tp4); # ^= ROTATE(tp8^tp4^tp1,16)
- &mov ($s[0],$__s0) if($i==2); #prefetch $s0
- &mov ($s[1],$__s1) if($i==3); #prefetch $s1
- &mov ($s[2],$__s2) if($i==1);
- &xor ($s[$i],$tp8); # ^= ROTATE(tp8,8)
-
- &mov ($s[3],$__s3) if($i==1);
- &mov (&DWP(4+4*$i,"esp"),$s[$i]) if($i>=2);
-}
-
-&public_label("AES_Td");
-&function_begin_B("_x86_AES_decrypt_compact");
- # note that caller is expected to allocate stack frame for me!
- &mov ($__key,$key); # save key
-
- &xor ($s0,&DWP(0,$key)); # xor with key
- &xor ($s1,&DWP(4,$key));
- &xor ($s2,&DWP(8,$key));
- &xor ($s3,&DWP(12,$key));
-
- &mov ($acc,&DWP(240,$key)); # load key->rounds
-
- &lea ($acc,&DWP(-2,$acc,$acc));
- &lea ($acc,&DWP(0,$key,$acc,8));
- &mov ($__end,$acc); # end of key schedule
-
- # prefetch Td4
- &mov ($key,&DWP(0-128,$tbl));
- &mov ($acc,&DWP(32-128,$tbl));
- &mov ($key,&DWP(64-128,$tbl));
- &mov ($acc,&DWP(96-128,$tbl));
- &mov ($key,&DWP(128-128,$tbl));
- &mov ($acc,&DWP(160-128,$tbl));
- &mov ($key,&DWP(192-128,$tbl));
- &mov ($acc,&DWP(224-128,$tbl));
-
- &set_label("loop",16);
-
- &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
- &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
- &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
- &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
- &dectransform(2);
- &dectransform(3);
- &dectransform(0);
- &dectransform(1);
- &mov ($key,$__key);
- &mov ($tbl,$__tbl);
- &add ($key,16); # advance rd_key
- &xor ($s0,&DWP(0,$key));
- &xor ($s1,&DWP(4,$key));
- &xor ($s2,&DWP(8,$key));
- &xor ($s3,&DWP(12,$key));
-
- &cmp ($key,$__end);
- &mov ($__key,$key);
- &jb (&label("loop"));
-
- &deccompact(0,$tbl,$s0,$s3,$s2,$s1);
- &deccompact(1,$tbl,$s1,$s0,$s3,$s2);
- &deccompact(2,$tbl,$s2,$s1,$s0,$s3);
- &deccompact(3,$tbl,$s3,$s2,$s1,$s0);
-
- &xor ($s0,&DWP(16,$key));
- &xor ($s1,&DWP(20,$key));
- &xor ($s2,&DWP(24,$key));
- &xor ($s3,&DWP(28,$key));
-
- &ret ();
-&function_end_B("_x86_AES_decrypt_compact");
-
-######################################################################
-# "Compact" SSE block function.
-######################################################################
-
-sub sse_deccompact()
-{
- &pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0
- &movd ("eax","mm1"); # 7, 6, 1, 0
-
- &pshufw ("mm5","mm4",0x09); # 13,12,11,10
- &movz ($acc,&LB("eax")); # 0
- &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
- &movd ("ebx","mm5"); # 13,12,11,10
- &movz ("edx",&HB("eax")); # 1
- &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1
- &shl ("edx",8); # 1
-
- &pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4
- &movz ($acc,&LB("ebx")); # 10
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 10
- &shl ($acc,16); # 10
- &or ("ecx",$acc); # 10
- &shr ("eax",16); # 7, 6
- &movz ($acc,&HB("ebx")); # 11
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 11
- &shl ($acc,24); # 11
- &or ("edx",$acc); # 11
- &shr ("ebx",16); # 13,12
-
- &pshufw ("mm6","mm4",0x03); # 9, 8,15,14
- &movz ($acc,&HB("eax")); # 7
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 7
- &shl ($acc,24); # 7
- &or ("ecx",$acc); # 7
- &movz ($acc,&HB("ebx")); # 13
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 13
- &shl ($acc,8); # 13
- &or ("ecx",$acc); # 13
- &movd ("mm0","ecx"); # t[0] collected
-
- &movz ($acc,&LB("eax")); # 6
- &movd ("eax","mm2"); # 3, 2, 5, 4
- &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 6
- &shl ("ecx",16); # 6
- &movz ($acc,&LB("ebx")); # 12
- &movd ("ebx","mm6"); # 9, 8,15,14
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 12
- &or ("ecx",$acc); # 12
-
- &movz ($acc,&LB("eax")); # 4
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 4
- &or ("edx",$acc); # 4
- &movz ($acc,&LB("ebx")); # 14
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 14
- &shl ($acc,16); # 14
- &or ("edx",$acc); # 14
- &movd ("mm1","edx"); # t[1] collected
-
- &movz ($acc,&HB("eax")); # 5
- &movz ("edx",&BP(-128,$tbl,$acc,1)); # 5
- &shl ("edx",8); # 5
- &movz ($acc,&HB("ebx")); # 15
- &shr ("eax",16); # 3, 2
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 15
- &shl ($acc,24); # 15
- &or ("edx",$acc); # 15
- &shr ("ebx",16); # 9, 8
-
- &punpckldq ("mm0","mm1"); # t[0,1] collected
-
- &movz ($acc,&HB("ebx")); # 9
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 9
- &shl ($acc,8); # 9
- &or ("ecx",$acc); # 9
- &and ("ebx",0xff); # 8
- &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8
- &or ("edx","ebx"); # 8
- &movz ($acc,&LB("eax")); # 2
- &movz ($acc,&BP(-128,$tbl,$acc,1)); # 2
- &shl ($acc,16); # 2
- &or ("edx",$acc); # 2
- &movd ("mm4","edx"); # t[2] collected
- &movz ("eax",&HB("eax")); # 3
- &movz ("eax",&BP(-128,$tbl,"eax",1)); # 3
- &shl ("eax",24); # 3
- &or ("ecx","eax"); # 3
- &movd ("mm5","ecx"); # t[3] collected
-
- &punpckldq ("mm4","mm5"); # t[2,3] collected
-}
-
- if (!$x86only) {
-&public_label("AES_Td");
-&function_begin_B("_sse_AES_decrypt_compact");
- &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0
- &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8
-
- # note that caller is expected to allocate stack frame for me!
- &mov ($acc,&DWP(240,$key)); # load key->rounds
- &lea ($acc,&DWP(-2,$acc,$acc));
- &lea ($acc,&DWP(0,$key,$acc,8));
- &mov ($__end,$acc); # end of key schedule
-
- &mov ($s0,0x1b1b1b1b); # magic constant
- &mov (&DWP(8,"esp"),$s0);
- &mov (&DWP(12,"esp"),$s0);
-
- # prefetch Td4
- &mov ($s0,&DWP(0-128,$tbl));
- &mov ($s1,&DWP(32-128,$tbl));
- &mov ($s2,&DWP(64-128,$tbl));
- &mov ($s3,&DWP(96-128,$tbl));
- &mov ($s0,&DWP(128-128,$tbl));
- &mov ($s1,&DWP(160-128,$tbl));
- &mov ($s2,&DWP(192-128,$tbl));
- &mov ($s3,&DWP(224-128,$tbl));
-
- &set_label("loop",16);
- &sse_deccompact();
- &add ($key,16);
- &cmp ($key,$__end);
- &ja (&label("out"));
-
- # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
- &movq ("mm3","mm0"); &movq ("mm7","mm4");
- &movq ("mm2","mm0",1); &movq ("mm6","mm4",1);
- &movq ("mm1","mm0"); &movq ("mm5","mm4");
- &pshufw ("mm0","mm0",0xb1); &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16)
- &pslld ("mm2",8); &pslld ("mm6",8);
- &psrld ("mm3",8); &psrld ("mm7",8);
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<8
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>8
- &pslld ("mm2",16); &pslld ("mm6",16);
- &psrld ("mm3",16); &psrld ("mm7",16);
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<24
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>24
-
- &movq ("mm3",&QWP(8,"esp"));
- &pxor ("mm2","mm2"); &pxor ("mm6","mm6");
- &pcmpgtb("mm2","mm1"); &pcmpgtb("mm6","mm5");
- &pand ("mm2","mm3"); &pand ("mm6","mm3");
- &paddb ("mm1","mm1"); &paddb ("mm5","mm5");
- &pxor ("mm1","mm2"); &pxor ("mm5","mm6"); # tp2
- &movq ("mm3","mm1"); &movq ("mm7","mm5");
- &movq ("mm2","mm1"); &movq ("mm6","mm5");
- &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp2
- &pslld ("mm3",24); &pslld ("mm7",24);
- &psrld ("mm2",8); &psrld ("mm6",8);
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp2<<24
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp2>>8
-
- &movq ("mm2",&QWP(8,"esp"));
- &pxor ("mm3","mm3"); &pxor ("mm7","mm7");
- &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5");
- &pand ("mm3","mm2"); &pand ("mm7","mm2");
- &paddb ("mm1","mm1"); &paddb ("mm5","mm5");
- &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4
- &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1);
- &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16)
-
- &pxor ("mm3","mm3"); &pxor ("mm7","mm7");
- &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5");
- &pand ("mm3","mm2"); &pand ("mm7","mm2");
- &paddb ("mm1","mm1"); &paddb ("mm5","mm5");
- &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp8
- &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8
- &movq ("mm3","mm1"); &movq ("mm7","mm5");
- &pshufw ("mm2","mm1",0xb1); &pshufw ("mm6","mm5",0xb1);
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(tp8,16)
- &pslld ("mm1",8); &pslld ("mm5",8);
- &psrld ("mm3",8); &psrld ("mm7",8);
- &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key));
- &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<8
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>8
- &mov ($s0,&DWP(0-128,$tbl));
- &pslld ("mm1",16); &pslld ("mm5",16);
- &mov ($s1,&DWP(64-128,$tbl));
- &psrld ("mm3",16); &psrld ("mm7",16);
- &mov ($s2,&DWP(128-128,$tbl));
- &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<24
- &mov ($s3,&DWP(192-128,$tbl));
- &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>24
-
- &pxor ("mm0","mm2"); &pxor ("mm4","mm6");
- &jmp (&label("loop"));
-
- &set_label("out",16);
- &pxor ("mm0",&QWP(0,$key));
- &pxor ("mm4",&QWP(8,$key));
-
- &ret ();
-&function_end_B("_sse_AES_decrypt_compact");
- }
-
-######################################################################
-# Vanilla block function.
-######################################################################
+#------------------------------------------------------------------#
sub decstep()
{ my ($i,$td,@s) = @_;
# optimal... or rather that all attempts to reorder didn't
# result in better performance [which by the way is not a
# bit lower than ecryption].
- if($i==3) { &mov ($key,$__key); }
+ if($i==3) { &mov ($key,&DWP(12,"esp")); }
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
&mov ($out,&DWP(0,$td,$out,8));
&and ($tmp,0xFF);
&xor ($out,&DWP(2,$td,$tmp,8));
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
else { &mov ($tmp,$s[3]); }
&shr ($tmp,24);
&xor ($out,&DWP(1,$td,$tmp,8));
if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
- if ($i==3) { &mov ($s[3],$__s0); }
+ if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
&comment();
}
my $tmp = $key;
my $out = $i==3?$s[0]:$acc;
- if($i==0) { &lea ($td,&DWP(2048+128,$td));
- &mov ($tmp,&DWP(0-128,$td));
- &mov ($acc,&DWP(32-128,$td));
- &mov ($tmp,&DWP(64-128,$td));
- &mov ($acc,&DWP(96-128,$td));
- &mov ($tmp,&DWP(128-128,$td));
- &mov ($acc,&DWP(160-128,$td));
- &mov ($tmp,&DWP(192-128,$td));
- &mov ($acc,&DWP(224-128,$td));
- &lea ($td,&DWP(-128,$td)); }
- if($i==3) { &mov ($key,$__key); }
+ if($i==3) { &mov ($key,&DWP(12,"esp")); }
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
- &movz ($out,&BP(0,$td,$out,1));
+ &movz ($out,&BP(2048,$td,$out,1));
if ($i==3) { $tmp=$s[1]; }
&movz ($tmp,&HB($s[1]));
- &movz ($tmp,&BP(0,$td,$tmp,1));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
&shl ($tmp,8);
&xor ($out,$tmp);
else { mov ($tmp,$s[2]); }
&shr ($tmp,16);
&and ($tmp,0xFF);
- &movz ($tmp,&BP(0,$td,$tmp,1));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
&shl ($tmp,16);
&xor ($out,$tmp);
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
else { &mov ($tmp,$s[3]); }
&shr ($tmp,24);
- &movz ($tmp,&BP(0,$td,$tmp,1));
+ &movz ($tmp,&BP(2048,$td,$tmp,1));
&shl ($tmp,24);
&xor ($out,$tmp);
if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
- if ($i==3) { &mov ($s[3],$__s0);
- &lea ($td,&DWP(-2048,$td)); }
+ if ($i==3) { &mov ($s[3],&DWP(4,"esp")); }
}
&public_label("AES_Td");
&function_begin_B("_x86_AES_decrypt");
# note that caller is expected to allocate stack frame for me!
- &mov ($__key,$key); # save key
+ &mov (&DWP(12,"esp"),$key); # save key
&xor ($s0,&DWP(0,$key)); # xor with key
&xor ($s1,&DWP(4,$key));
if ($small_footprint) {
&lea ($acc,&DWP(-2,$acc,$acc));
&lea ($acc,&DWP(0,$key,$acc,8));
- &mov ($__end,$acc); # end of key schedule
- &set_label("loop",16);
- &decstep(0,$tbl,$s0,$s3,$s2,$s1);
- &decstep(1,$tbl,$s1,$s0,$s3,$s2);
- &decstep(2,$tbl,$s2,$s1,$s0,$s3);
- &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+ &mov (&DWP(16,"esp"),$acc); # end of key schedule
+ &align (4);
+ &set_label("loop");
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
&add ($key,16); # advance rd_key
&xor ($s0,&DWP(0,$key));
&xor ($s1,&DWP(4,$key));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &cmp ($key,$__end);
- &mov ($__key,$key);
+ &cmp ($key,&DWP(16,"esp"));
+ &mov (&DWP(12,"esp"),$key);
&jb (&label("loop"));
}
else {
&cmp ($acc,12);
&jle (&label("12rounds"));
- &set_label("14rounds",4);
+ &set_label("14rounds");
for ($i=1;$i<3;$i++) {
- &decstep(0,$tbl,$s0,$s3,$s2,$s1);
- &decstep(1,$tbl,$s1,$s0,$s3,$s2);
- &decstep(2,$tbl,$s2,$s1,$s0,$s3);
- &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s2,&DWP(16*$i+8,$key));
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov ($__key,$key); # advance rd_key
- &set_label("12rounds",4);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("12rounds");
for ($i=1;$i<3;$i++) {
- &decstep(0,$tbl,$s0,$s3,$s2,$s1);
- &decstep(1,$tbl,$s1,$s0,$s3,$s2);
- &decstep(2,$tbl,$s2,$s1,$s0,$s3);
- &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s2,&DWP(16*$i+8,$key));
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov ($__key,$key); # advance rd_key
- &set_label("10rounds",4);
+ &mov (&DWP(12,"esp"),$key); # advance rd_key
+ &set_label("10rounds");
for ($i=1;$i<10;$i++) {
- &decstep(0,$tbl,$s0,$s3,$s2,$s1);
- &decstep(1,$tbl,$s1,$s0,$s3,$s2);
- &decstep(2,$tbl,$s2,$s1,$s0,$s3);
- &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+ &decstep(0,"ebp",$s0,$s3,$s2,$s1);
+ &decstep(1,"ebp",$s1,$s0,$s3,$s2);
+ &decstep(2,"ebp",$s2,$s1,$s0,$s3);
+ &decstep(3,"ebp",$s3,$s2,$s1,$s0);
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s2,&DWP(16*$i+8,$key));
}
}
- &declast(0,$tbl,$s0,$s3,$s2,$s1);
- &declast(1,$tbl,$s1,$s0,$s3,$s2);
- &declast(2,$tbl,$s2,$s1,$s0,$s3);
- &declast(3,$tbl,$s3,$s2,$s1,$s0);
+ &declast(0,"ebp",$s0,$s3,$s2,$s1);
+ &declast(1,"ebp",$s1,$s0,$s3,$s2);
+ &declast(2,"ebp",$s2,$s1,$s0,$s3);
+ &declast(3,"ebp",$s3,$s2,$s1,$s0);
&add ($key,$small_footprint?16:160);
&xor ($s0,&DWP(0,$key));
&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-
-#Td4: # four copies of Td4 to choose from to avoid L1 aliasing
+#Td4:
&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+&function_end_B("_x86_AES_decrypt");
- &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
- &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
- &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
- &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
- &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
- &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
- &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
- &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
- &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
- &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
- &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
- &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
- &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
- &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
- &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
- &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
- &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
- &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
- &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
- &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
- &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
- &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
- &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
- &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
- &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
- &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
- &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
- &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
- &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
- &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
- &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
- &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+&public_label("AES_Td");
+&function_begin("AES_decrypt");
+ &mov ($acc,&wparam(0)); # load inp
+ &mov ($key,&wparam(2)); # load key
- &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
- &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
- &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
- &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
- &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
- &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
- &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
- &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
- &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
- &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
- &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
- &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
- &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
- &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
- &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
- &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
- &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
- &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
- &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
- &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
- &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
- &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
- &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
- &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
- &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
- &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
- &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
- &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
- &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
- &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
- &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
- &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-
- &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
- &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
- &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
- &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
- &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
- &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
- &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
- &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
- &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
- &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
- &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
- &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
- &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
- &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
- &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
- &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
- &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
- &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
- &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
- &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
- &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
- &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
- &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
- &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
- &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
- &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
- &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
- &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
- &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
- &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
- &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
- &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-&function_end_B("_x86_AES_decrypt");
-
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Td");
-&function_begin("AES_decrypt");
- &mov ($acc,&wparam(0)); # load inp
- &mov ($key,&wparam(2)); # load key
-
- &mov ($s0,"esp");
- &sub ("esp",36);
- &and ("esp",-64); # align to cache-line
-
- # place stack frame just "above" the key schedule
- &lea ($s1,&DWP(-64-63,$key));
- &sub ($s1,"esp");
- &neg ($s1);
- &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line
- &sub ("esp",$s1);
- &add ("esp",4); # 4 is reserved for caller's return address
- &mov ($_esp,$s0); # save stack pointer
+ &mov ($s0,"esp");
+ &sub ("esp",24);
+ &and ("esp",-64);
+ &add ("esp",4);
+ &mov (&DWP(16,"esp"),$s0);
&call (&label("pic_point")); # make it PIC!
&set_label("pic_point");
- &blindpop($tbl);
- &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
- &lea ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
-
- # pick Td4 copy which can't "overlap" with stack frame or key schedule
- &lea ($s1,&DWP(768-4,"esp"));
- &sub ($s1,$tbl);
- &and ($s1,0x300);
- &lea ($tbl,&DWP(2048+128,$tbl,$s1));
-
- if (!$x86only) {
- &bt (&DWP(0,$s0),25); # check for SSE bit
- &jnc (&label("x86"));
-
- &movq ("mm0",&QWP(0,$acc));
- &movq ("mm4",&QWP(8,$acc));
- &call ("_sse_AES_decrypt_compact");
- &mov ("esp",$_esp); # restore stack pointer
- &mov ($acc,&wparam(1)); # load out
- &movq (&QWP(0,$acc),"mm0"); # write output data
- &movq (&QWP(8,$acc),"mm4");
- &emms ();
- &function_end_A();
- }
- &set_label("x86",16);
- &mov ($_tbl,$tbl);
+ &blindpop("ebp");
+ &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+ # prefetch Td4
+ &lea ("ebp",&DWP(2048+128,"ebp"));
+ &mov ($s0,&DWP(0-128,"ebp"));
+ &mov ($s1,&DWP(32-128,"ebp"));
+ &mov ($s2,&DWP(64-128,"ebp"));
+ &mov ($s3,&DWP(96-128,"ebp"));
+ &mov ($s0,&DWP(128-128,"ebp"));
+ &mov ($s1,&DWP(160-128,"ebp"));
+ &mov ($s2,&DWP(192-128,"ebp"));
+ &mov ($s3,&DWP(224-128,"ebp"));
+ &lea ("ebp",&DWP(-2048-128,"ebp"));
+
&mov ($s0,&DWP(0,$acc)); # load input data
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
- &call ("_x86_AES_decrypt_compact");
- &mov ("esp",$_esp); # restore stack pointer
+
+ &call ("_x86_AES_decrypt");
+
+ &mov ("esp",&DWP(16,"esp"));
+
&mov ($acc,&wparam(1)); # load out
&mov (&DWP(0,$acc),$s0); # write output data
&mov (&DWP(4,$acc),$s1);
# unsigned char *ivp,const int enc);
{
# stack frame layout
-# -4(%esp) # return address 0(%esp)
-# 0(%esp) # s0 backing store 4(%esp)
-# 4(%esp) # s1 backing store 8(%esp)
-# 8(%esp) # s2 backing store 12(%esp)
-# 12(%esp) # s3 backing store 16(%esp)
-# 16(%esp) # key backup 20(%esp)
-# 20(%esp) # end of key schedule 24(%esp)
-# 24(%esp) # %ebp backup 28(%esp)
-# 28(%esp) # %esp backup
-my $_inp=&DWP(32,"esp"); # copy of wparam(0)
-my $_out=&DWP(36,"esp"); # copy of wparam(1)
-my $_len=&DWP(40,"esp"); # copy of wparam(2)
-my $_key=&DWP(44,"esp"); # copy of wparam(3)
-my $_ivp=&DWP(48,"esp"); # copy of wparam(4)
-my $_tmp=&DWP(52,"esp"); # volatile variable
-#
-my $ivec=&DWP(60,"esp"); # ivec[16]
-my $aes_key=&DWP(76,"esp"); # copy of aes_key
-my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds
+# -4(%esp) 0(%esp) return address
+# 0(%esp) 4(%esp) tmp1
+# 4(%esp) 8(%esp) tmp2
+# 8(%esp) 12(%esp) key
+# 12(%esp) 16(%esp) end of key schedule
+my $_esp=&DWP(16,"esp"); #saved %esp
+my $_inp=&DWP(20,"esp"); #copy of wparam(0)
+my $_out=&DWP(24,"esp"); #copy of wparam(1)
+my $_len=&DWP(28,"esp"); #copy of wparam(2)
+my $_key=&DWP(32,"esp"); #copy of wparam(3)
+my $_ivp=&DWP(36,"esp"); #copy of wparam(4)
+my $_tmp=&DWP(40,"esp"); #volatile variable
+my $ivec=&DWP(44,"esp"); #ivec[16]
+my $aes_key=&DWP(60,"esp"); #copy of aes_key
+my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&public_label("AES_Te");
&public_label("AES_Td");
&function_begin("AES_cbc_encrypt");
&mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len
&cmp ($s2,0);
- &je (&label("drop_out"));
+ &je (&label("enc_out"));
&call (&label("pic_point")); # make it PIC!
&set_label("pic_point");
- &blindpop($tbl);
- &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
-
- &cmp (&wparam(5),0);
- &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
- &jne (&label("picked_te"));
- &lea ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
- &set_label("picked_te");
+ &blindpop("ebp");
- # one can argue if this is required
&pushf ();
&cld ();
- &cmp ($s2,$speed_limit);
- &jb (&label("slow_way"));
- &test ($s2,15);
- &jnz (&label("slow_way"));
- if (!$x86only) {
- &bt (&DWP(0,$s0),28); # check for hyper-threading bit
- &jc (&label("slow_way"));
- }
- # pre-allocate aligned stack frame...
- &lea ($acc,&DWP(-80-244,"esp"));
- &and ($acc,-64);
-
- # ... and make sure it doesn't alias with $tbl modulo 4096
- &mov ($s0,$tbl);
- &lea ($s1,&DWP(2048+256,$tbl));
- &mov ($s3,$acc);
+ &cmp (&wparam(5),0);
+ &je (&label("DECRYPT"));
+
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+ # allocate aligned stack frame...
+ &lea ($key,&DWP(-64-244,"esp"));
+ &and ($key,-64);
+
+ # ... and make sure it doesn't alias with AES_Te modulo 4096
+ &mov ($s0,"ebp");
+ &lea ($s1,&DWP(2048,"ebp"));
+ &mov ($s3,$key);
&and ($s0,0xfff); # s = %ebp&0xfff
- &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
+ &and ($s1,0xfff); # e = (%ebp+2048)&0xfff
&and ($s3,0xfff); # p = %esp&0xfff
&cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
- &jb (&label("tbl_break_out"));
+ &jb (&label("te_break_out"));
&sub ($s3,$s1);
- &sub ($acc,$s3);
- &jmp (&label("tbl_ok"));
- &set_label("tbl_break_out",4); # else %esp -= (p-s)&0xfff + framesz;
+ &sub ($key,$s3);
+ &jmp (&label("te_ok"));
+ &set_label("te_break_out"); # else %esp -= (p-s)&0xfff + framesz;
&sub ($s3,$s0);
&and ($s3,0xfff);
- &add ($s3,384);
- &sub ($acc,$s3);
- &set_label("tbl_ok",4);
+ &add ($s3,64+256);
+ &sub ($key,$s3);
+ &align (4);
+ &set_label("te_ok");
- &lea ($s3,&wparam(0)); # obtain pointer to parameter block
- &exch ("esp",$acc); # allocate stack frame
- &add ("esp",4); # reserve for return address!
- &mov ($_tbl,$tbl); # save %ebp
- &mov ($_esp,$acc); # save %esp
+ &mov ($s0,&wparam(0)); # load inp
+ &mov ($s1,&wparam(1)); # load out
+ &mov ($s3,&wparam(3)); # load key
+ &mov ($acc,&wparam(4)); # load ivp
- &mov ($s0,&DWP(0,$s3)); # load inp
- &mov ($s1,&DWP(4,$s3)); # load out
- #&mov ($s2,&DWP(8,$s3)); # load len
- &mov ($key,&DWP(12,$s3)); # load key
- &mov ($acc,&DWP(16,$s3)); # load ivp
- &mov ($s3,&DWP(20,$s3)); # load enc flag
+ &exch ("esp",$key);
+ &add ("esp",4); # reserve for return address!
+ &mov ($_esp,$key); # save %esp
&mov ($_inp,$s0); # save copy of inp
&mov ($_out,$s1); # save copy of out
&mov ($_len,$s2); # save copy of len
- &mov ($_key,$key); # save copy of key
+ &mov ($_key,$s3); # save copy of key
&mov ($_ivp,$acc); # save copy of ivp
&mov ($mark,0); # copy of aes_key->rounds = 0;
+ if ($compromise) {
+ &cmp ($s2,$compromise);
+ &jb (&label("skip_ecopy"));
+ }
# do we copy key schedule to stack?
- &mov ($s1 eq "ebx" ? $s1 : "",$key);
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
&mov ($s2 eq "ecx" ? $s2 : "",244/4);
- &sub ($s1,$tbl);
- &mov ("esi",$key);
+ &sub ($s1,"ebp");
+ &mov ("esi",$s3);
&and ($s1,0xfff);
&lea ("edi",$aes_key);
- &cmp ($s1,2048+256);
- &jb (&label("do_copy"));
+ &cmp ($s1,2048);
+ &jb (&label("do_ecopy"));
&cmp ($s1,4096-244);
- &jb (&label("skip_copy"));
- &set_label("do_copy",4);
+ &jb (&label("skip_ecopy"));
+ &align (4);
+ &set_label("do_ecopy");
&mov ($_key,"edi");
&data_word(0xA5F3F689); # rep movsd
- &set_label("skip_copy");
+ &set_label("skip_ecopy");
+ &mov ($acc,$s0);
&mov ($key,16);
- &set_label("prefetch_tbl",4);
- &mov ($s0,&DWP(0,$tbl));
- &mov ($s1,&DWP(32,$tbl));
- &mov ($s2,&DWP(64,$tbl));
- &mov ($acc,&DWP(96,$tbl));
- &lea ($tbl,&DWP(128,$tbl));
- &sub ($key,1);
- &jnz (&label("prefetch_tbl"));
- &sub ($tbl,2048);
-
- &mov ($acc,$_inp);
+ &align (4);
+ &set_label("prefetch_te");
+ &mov ($s0,&DWP(0,"ebp"));
+ &mov ($s1,&DWP(32,"ebp"));
+ &mov ($s2,&DWP(64,"ebp"));
+ &mov ($s3,&DWP(96,"ebp"));
+ &lea ("ebp",&DWP(128,"ebp"));
+ &dec ($key);
+ &jnz (&label("prefetch_te"));
+ &sub ("ebp",2048);
+
+ &mov ($s2,$_len);
&mov ($key,$_ivp);
+ &test ($s2,0xFFFFFFF0);
+ &jz (&label("enc_tail")); # short input...
- &cmp ($s3,0);
- &je (&label("fast_decrypt"));
-
-#----------------------------- ENCRYPT -----------------------------#
&mov ($s0,&DWP(0,$key)); # load iv
&mov ($s1,&DWP(4,$key));
- &set_label("fast_enc_loop",16);
+ &align (4);
+ &set_label("enc_loop");
&mov ($s2,&DWP(8,$key));
&mov ($s3,&DWP(12,$key));
&mov (&DWP(8,$key),$s2);
&mov (&DWP(12,$key),$s3);
- &lea ($acc,&DWP(16,$acc)); # advance inp
&mov ($s2,$_len); # load len
+
+ &lea ($acc,&DWP(16,$acc));
&mov ($_inp,$acc); # save inp
- &lea ($s3,&DWP(16,$key)); # advance out
+
+ &lea ($s3,&DWP(16,$key));
&mov ($_out,$s3); # save out
- &sub ($s2,16); # decrease len
+
+ &sub ($s2,16);
+ &test ($s2,0xFFFFFFF0);
&mov ($_len,$s2); # save len
- &jnz (&label("fast_enc_loop"));
+ &jnz (&label("enc_loop"));
+ &test ($s2,15);
+ &jnz (&label("enc_tail"));
&mov ($acc,$_ivp); # load ivp
- &mov ($s2,&DWP(8,$key)); # restore last 2 dwords
+ &mov ($s2,&DWP(8,$key)); # restore last dwords
&mov ($s3,&DWP(12,$key));
&mov (&DWP(0,$acc),$s0); # save ivec
&mov (&DWP(4,$acc),$s1);
&set_label("skip_ezero")
&mov ("esp",$_esp);
&popf ();
- &set_label("drop_out");
+ &set_label("enc_out");
&function_end_A();
&pushf (); # kludge, never executed
+ &align (4);
+ &set_label("enc_tail");
+ &push ($key eq "edi" ? $key : ""); # push ivp
+ &mov ($key,$_out); # load out
+ &mov ($s1,16);
+ &sub ($s1,$s2);
+ &cmp ($key,$acc); # compare with inp
+ &je (&label("enc_in_place"));
+ &align (4);
+ &data_word(0xA4F3F689); # rep movsb # copy input
+ &jmp (&label("enc_skip_in_place"));
+ &set_label("enc_in_place");
+ &lea ($key,&DWP(0,$key,$s2));
+ &set_label("enc_skip_in_place");
+ &mov ($s2,$s1);
+ &xor ($s0,$s0);
+ &align (4);
+ &data_word(0xAAF3F689); # rep stosb # zero tail
+ &pop ($key); # pop ivp
+
+ &mov ($acc,$_out); # output as input
+ &mov ($s0,&DWP(0,$key));
+ &mov ($s1,&DWP(4,$key));
+ &mov ($_len,16); # len=16
+ &jmp (&label("enc_loop")); # one more spin...
+
#----------------------------- DECRYPT -----------------------------#
-&set_label("fast_decrypt",16);
+&align (4);
+&set_label("DECRYPT");
+ &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+
+ # allocate aligned stack frame...
+ &lea ($key,&DWP(-64-244,"esp"));
+ &and ($key,-64);
+
+ # ... and make sure it doesn't alias with AES_Td modulo 4096
+ &mov ($s0,"ebp");
+ &lea ($s1,&DWP(2048+256,"ebp"));
+ &mov ($s3,$key);
+ &and ($s0,0xfff); # s = %ebp&0xfff
+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
+ &and ($s3,0xfff); # p = %esp&0xfff
+
+ &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
+ &jb (&label("td_break_out"));
+ &sub ($s3,$s1);
+ &sub ($key,$s3);
+ &jmp (&label("td_ok"));
+ &set_label("td_break_out"); # else %esp -= (p-s)&0xfff + framesz;
+ &sub ($s3,$s0);
+ &and ($s3,0xfff);
+ &add ($s3,64+256);
+ &sub ($key,$s3);
+ &align (4);
+ &set_label("td_ok");
+
+ &mov ($s0,&wparam(0)); # load inp
+ &mov ($s1,&wparam(1)); # load out
+ &mov ($s3,&wparam(3)); # load key
+ &mov ($acc,&wparam(4)); # load ivp
+
+ &exch ("esp",$key);
+ &add ("esp",4); # reserve for return address!
+ &mov ($_esp,$key); # save %esp
+
+ &mov ($_inp,$s0); # save copy of inp
+ &mov ($_out,$s1); # save copy of out
+ &mov ($_len,$s2); # save copy of len
+ &mov ($_key,$s3); # save copy of key
+ &mov ($_ivp,$acc); # save copy of ivp
+
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
+ if ($compromise) {
+ &cmp ($s2,$compromise);
+ &jb (&label("skip_dcopy"));
+ }
+ # do we copy key schedule to stack?
+ &mov ($s1 eq "ebx" ? $s1 : "",$s3);
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
+ &sub ($s1,"ebp");
+ &mov ("esi",$s3);
+ &and ($s1,0xfff);
+ &lea ("edi",$aes_key);
+ &cmp ($s1,2048+256);
+ &jb (&label("do_dcopy"));
+ &cmp ($s1,4096-244);
+ &jb (&label("skip_dcopy"));
+ &align (4);
+ &set_label("do_dcopy");
+ &mov ($_key,"edi");
+ &data_word(0xA5F3F689); # rep movsd
+ &set_label("skip_dcopy");
+
+ &mov ($acc,$s0);
+ &mov ($key,18);
+ &align (4);
+ &set_label("prefetch_td");
+ &mov ($s0,&DWP(0,"ebp"));
+ &mov ($s1,&DWP(32,"ebp"));
+ &mov ($s2,&DWP(64,"ebp"));
+ &mov ($s3,&DWP(96,"ebp"));
+ &lea ("ebp",&DWP(128,"ebp"));
+ &dec ($key);
+ &jnz (&label("prefetch_td"));
+ &sub ("ebp",2048+256);
&cmp ($acc,$_out);
- &je (&label("fast_dec_in_place")); # in-place processing...
+ &je (&label("dec_in_place")); # in-place processing...
+ &mov ($key,$_ivp); # load ivp
&mov ($_tmp,$key);
&align (4);
- &set_label("fast_dec_loop",16);
+ &set_label("dec_loop");
&mov ($s0,&DWP(0,$acc)); # read input
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &mov ($key,$_out); # load out
+ &sub ($acc,16);
+ &jc (&label("dec_partial"));
+ &mov ($_len,$acc); # save len
&mov ($acc,$_inp); # load inp
+ &mov ($key,$_out); # load out
&mov (&DWP(0,$key),$s0); # write output
&mov (&DWP(4,$key),$s1);
&mov (&DWP(8,$key),$s2);
&mov (&DWP(12,$key),$s3);
- &mov ($s2,$_len); # load len
&mov ($_tmp,$acc); # save ivp
- &lea ($acc,&DWP(16,$acc)); # advance inp
+ &lea ($acc,&DWP(16,$acc));
&mov ($_inp,$acc); # save inp
- &lea ($key,&DWP(16,$key)); # advance out
+
+ &lea ($key,&DWP(16,$key));
&mov ($_out,$key); # save out
- &sub ($s2,16); # decrease len
- &mov ($_len,$s2); # save len
- &jnz (&label("fast_dec_loop"));
+
+ &jnz (&label("dec_loop"));
&mov ($key,$_tmp); # load temp ivp
+ &set_label("dec_end");
&mov ($acc,$_ivp); # load user ivp
&mov ($s0,&DWP(0,$key)); # load iv
&mov ($s1,&DWP(4,$key));
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
- &jmp (&label("fast_dec_out"));
+ &jmp (&label("dec_out"));
- &set_label("fast_dec_in_place",16);
- &set_label("fast_dec_in_place_loop");
+ &align (4);
+ &set_label("dec_partial");
+ &lea ($key,$ivec);
+ &mov (&DWP(0,$key),$s0); # dump output to stack
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+ &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
+ &mov ($acc eq "esi" ? $acc : "",$key);
+ &mov ($key eq "edi" ? $key : "",$_out); # load out
+ &data_word(0xA4F3F689); # rep movsb # copy output
+ &mov ($key,$_inp); # use inp as temp ivp
+ &jmp (&label("dec_end"));
+
+ &align (4);
+ &set_label("dec_in_place");
+ &set_label("dec_in_place_loop");
+ &lea ($key,$ivec);
&mov ($s0,&DWP(0,$acc)); # read input
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
- &lea ($key,$ivec);
&mov (&DWP(0,$key),$s0); # copy to temp
&mov (&DWP(4,$key),$s1);
&mov (&DWP(8,$key),$s2);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
- &lea ($acc,&DWP(16,$acc)); # advance out
+ &lea ($acc,&DWP(16,$acc));
&mov ($_out,$acc); # save out
&lea ($acc,$ivec);
&mov (&DWP(12,$key),$s3);
&mov ($acc,$_inp); # load inp
- &mov ($s2,$_len); # load len
- &lea ($acc,&DWP(16,$acc)); # advance inp
- &mov ($_inp,$acc); # save inp
- &sub ($s2,16); # decrease len
- &mov ($_len,$s2); # save len
- &jnz (&label("fast_dec_in_place_loop"));
-
- &set_label("fast_dec_out",4);
- &cmp ($mark,0); # was the key schedule copied?
- &mov ("edi",$_key);
- &je (&label("skip_dzero"));
- # zero copy of key schedule
- &mov ("ecx",240/4);
- &xor ("eax","eax");
- &align (4);
- &data_word(0xABF3F689); # rep stosd
- &set_label("skip_dzero")
- &mov ("esp",$_esp);
- &popf ();
- &function_end_A();
- &pushf (); # kludge, never executed
-
-#--------------------------- SLOW ROUTINE ---------------------------#
-&set_label("slow_way",16);
-
- &mov ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
- &mov ($key,&wparam(3)); # load key
-
- # pre-allocate aligned stack frame...
- &lea ($acc,&DWP(-80,"esp"));
- &and ($acc,-64);
-
- # ... and make sure it doesn't alias with $key modulo 1024
- &lea ($s1,&DWP(-80-63,$key));
- &sub ($s1,$acc);
- &neg ($s1);
- &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line
- &sub ($acc,$s1);
-
- # pick S-box copy which can't overlap with stack frame or $key
- &lea ($s1,&DWP(768,$acc));
- &sub ($s1,$tbl);
- &and ($s1,0x300);
- &lea ($tbl,&DWP(2048+128,$tbl,$s1));
-
- &lea ($s3,&wparam(0)); # pointer to parameter block
-
- &exch ("esp",$acc);
- &add ("esp",4); # reserve for return address!
- &mov ($_tbl,$tbl); # save %ebp
- &mov ($_esp,$acc); # save %esp
- &mov ($_tmp,$s0); # save OPENSSL_ia32cap
-
- &mov ($s0,&DWP(0,$s3)); # load inp
- &mov ($s1,&DWP(4,$s3)); # load out
- #&mov ($s2,&DWP(8,$s3)); # load len
- #&mov ($key,&DWP(12,$s3)); # load key
- &mov ($acc,&DWP(16,$s3)); # load ivp
- &mov ($s3,&DWP(20,$s3)); # load enc flag
-
- &mov ($_inp,$s0); # save copy of inp
- &mov ($_out,$s1); # save copy of out
- &mov ($_len,$s2); # save copy of len
- &mov ($_key,$key); # save copy of key
- &mov ($_ivp,$acc); # save copy of ivp
-
- &mov ($key,$acc);
- &mov ($acc,$s0);
-
- &cmp ($s3,0);
- &je (&label("slow_decrypt"));
-
-#--------------------------- SLOW ENCRYPT ---------------------------#
- &cmp ($s2,16);
- &jb (&label("slow_enc_tail"));
-
- if (!$x86only) {
- &bt ($_tmp,25); # check for SSE bit
- &jnc (&label("slow_enc_x86"));
-
- &movq ("mm0",&QWP(0,$key)); # load iv
- &movq ("mm4",&QWP(8,$key));
-
- &set_label("slow_enc_loop_sse",16);
- &pxor ("mm0",&QWP(0,$acc)); # xor input data
- &pxor ("mm4",&QWP(8,$acc));
-
- &mov ($key,$_key);
- &call ("_sse_AES_encrypt_compact");
-
- &mov ($acc,$_inp); # load inp
- &mov ($key,$_out); # load out
- &mov ($s2,$_len); # load len
-
- &movq (&QWP(0,$key),"mm0"); # save output data
- &movq (&QWP(8,$key),"mm4");
- &lea ($acc,&DWP(16,$acc)); # advance inp
+ &lea ($acc,&DWP(16,$acc));
&mov ($_inp,$acc); # save inp
- &lea ($s3,&DWP(16,$key)); # advance out
- &mov ($_out,$s3); # save out
- &sub ($s2,16); # decrease len
- &cmp ($s2,16);
- &mov ($_len,$s2); # save len
- &jae (&label("slow_enc_loop_sse"));
- &test ($s2,15);
- &jnz (&label("slow_enc_tail"));
- &mov ($acc,$_ivp); # load ivp
- &movq (&QWP(0,$acc),"mm0"); # save ivec
- &movq (&QWP(8,$acc),"mm4");
- &emms ();
- &mov ("esp",$_esp);
- &popf ();
- &function_end_A();
- &pushf (); # kludge, never executed
- }
- &set_label("slow_enc_x86",16);
- &mov ($s0,&DWP(0,$key)); # load iv
- &mov ($s1,&DWP(4,$key));
-
- &set_label("slow_enc_loop_x86",4);
- &mov ($s2,&DWP(8,$key));
- &mov ($s3,&DWP(12,$key));
-
- &xor ($s0,&DWP(0,$acc)); # xor input data
- &xor ($s1,&DWP(4,$acc));
- &xor ($s2,&DWP(8,$acc));
- &xor ($s3,&DWP(12,$acc));
-
- &mov ($key,$_key); # load key
- &call ("_x86_AES_encrypt_compact");
-
- &mov ($acc,$_inp); # load inp
- &mov ($key,$_out); # load out
-
- &mov (&DWP(0,$key),$s0); # save output data
- &mov (&DWP(4,$key),$s1);
- &mov (&DWP(8,$key),$s2);
- &mov (&DWP(12,$key),$s3);
&mov ($s2,$_len); # load len
- &lea ($acc,&DWP(16,$acc)); # advance inp
- &mov ($_inp,$acc); # save inp
- &lea ($s3,&DWP(16,$key)); # advance out
- &mov ($_out,$s3); # save out
- &sub ($s2,16); # decrease len
- &cmp ($s2,16);
+ &sub ($s2,16);
+ &jc (&label("dec_in_place_partial"));
&mov ($_len,$s2); # save len
- &jae (&label("slow_enc_loop_x86"));
- &test ($s2,15);
- &jnz (&label("slow_enc_tail"));
- &mov ($acc,$_ivp); # load ivp
- &mov ($s2,&DWP(8,$key)); # restore last dwords
- &mov ($s3,&DWP(12,$key));
- &mov (&DWP(0,$acc),$s0); # save ivec
- &mov (&DWP(4,$acc),$s1);
- &mov (&DWP(8,$acc),$s2);
- &mov (&DWP(12,$acc),$s3);
-
- &mov ("esp",$_esp);
- &popf ();
- &function_end_A();
- &pushf (); # kludge, never executed
-
- &set_label("slow_enc_tail",16);
- &emms () if (!$x86only);
- &mov ($key eq "edi"? $key:"",$s3); # load out to edi
- &mov ($s1,16);
- &sub ($s1,$s2);
- &cmp ($key,$acc eq "esi"? $acc:""); # compare with inp
- &je (&label("enc_in_place"));
- &align (4);
- &data_word(0xA4F3F689); # rep movsb # copy input
- &jmp (&label("enc_skip_in_place"));
- &set_label("enc_in_place");
+ &jnz (&label("dec_in_place_loop"));
+ &jmp (&label("dec_out"));
+
+ &align (4);
+ &set_label("dec_in_place_partial");
+ # one can argue if this is actually required...
+ &mov ($key eq "edi" ? $key : "",$_out);
+ &lea ($acc eq "esi" ? $acc : "",$ivec);
&lea ($key,&DWP(0,$key,$s2));
- &set_label("enc_skip_in_place");
- &mov ($s2,$s1);
- &xor ($s0,$s0);
- &align (4);
- &data_word(0xAAF3F689); # rep stosb # zero tail
-
- &lea ($key,&DWP(-16,$s3)); # restore ivp
- &mov ($acc,$s3); # output as input
- &mov ($s0,&DWP(0,$key));
- &mov ($s1,&DWP(4,$key));
- &mov ($_len,16); # len=16
- &jmp (&label("slow_enc_loop_x86")); # one more spin...
-
-#--------------------------- SLOW DECRYPT ---------------------------#
-&set_label("slow_decrypt",16);
- if (!$x86only) {
- &bt ($_tmp,25); # check for SSE bit
- &jnc (&label("slow_dec_loop_x86"));
-
- &set_label("slow_dec_loop_sse",4);
- &movq ("mm0",&QWP(0,$acc)); # read input
- &movq ("mm4",&QWP(8,$acc));
-
- &mov ($key,$_key);
- &call ("_sse_AES_decrypt_compact");
-
- &mov ($acc,$_inp); # load inp
- &lea ($s0,$ivec);
- &mov ($s1,$_out); # load out
- &mov ($s2,$_len); # load len
- &mov ($key,$_ivp); # load ivp
-
- &movq ("mm1",&QWP(0,$acc)); # re-read input
- &movq ("mm5",&QWP(8,$acc));
-
- &pxor ("mm0",&QWP(0,$key)); # xor iv
- &pxor ("mm4",&QWP(8,$key));
-
- &movq (&QWP(0,$key),"mm1"); # copy input to iv
- &movq (&QWP(8,$key),"mm5");
-
- &sub ($s2,16); # decrease len
- &jc (&label("slow_dec_partial_sse"));
-
- &movq (&QWP(0,$s1),"mm0"); # write output
- &movq (&QWP(8,$s1),"mm4");
-
- &lea ($s1,&DWP(16,$s1)); # advance out
- &mov ($_out,$s1); # save out
- &lea ($acc,&DWP(16,$acc)); # advance inp
- &mov ($_inp,$acc); # save inp
- &mov ($_len,$s2); # save len
- &jnz (&label("slow_dec_loop_sse"));
- &emms ();
- &mov ("esp",$_esp);
- &popf ();
- &function_end_A();
- &pushf (); # kludge, never executed
-
- &set_label("slow_dec_partial_sse",16);
- &movq (&QWP(0,$s0),"mm0"); # save output to temp
- &movq (&QWP(8,$s0),"mm4");
- &emms ();
-
- &add ($s2 eq "ecx" ? "ecx":"",16);
- &mov ("edi",$s1); # out
- &mov ("esi",$s0); # temp
- &align (4);
- &data_word(0xA4F3F689); # rep movsb # copy partial output
-
- &mov ("esp",$_esp);
- &popf ();
- &function_end_A();
- &pushf (); # kludge, never executed
- }
- &set_label("slow_dec_loop_x86",16);
- &mov ($s0,&DWP(0,$acc)); # read input
- &mov ($s1,&DWP(4,$acc));
- &mov ($s2,&DWP(8,$acc));
- &mov ($s3,&DWP(12,$acc));
-
- &lea ($key,$ivec);
- &mov (&DWP(0,$key),$s0); # copy to temp
- &mov (&DWP(4,$key),$s1);
- &mov (&DWP(8,$key),$s2);
- &mov (&DWP(12,$key),$s3);
-
- &mov ($key,$_key); # load key
- &call ("_x86_AES_decrypt_compact");
-
- &mov ($key,$_ivp); # load ivp
- &mov ($acc,$_len); # load len
- &xor ($s0,&DWP(0,$key)); # xor iv
- &xor ($s1,&DWP(4,$key));
- &xor ($s2,&DWP(8,$key));
- &xor ($s3,&DWP(12,$key));
-
- &sub ($acc,16);
- &jc (&label("slow_dec_partial_x86"));
-
- &mov ($_len,$acc); # save len
- &mov ($acc,$_out); # load out
-
- &mov (&DWP(0,$acc),$s0); # write output
- &mov (&DWP(4,$acc),$s1);
- &mov (&DWP(8,$acc),$s2);
- &mov (&DWP(12,$acc),$s3);
-
- &lea ($acc,&DWP(16,$acc)); # advance out
- &mov ($_out,$acc); # save out
-
- &lea ($acc,$ivec);
- &mov ($s0,&DWP(0,$acc)); # read temp
- &mov ($s1,&DWP(4,$acc));
- &mov ($s2,&DWP(8,$acc));
- &mov ($s3,&DWP(12,$acc));
-
- &mov (&DWP(0,$key),$s0); # copy it to iv
- &mov (&DWP(4,$key),$s1);
- &mov (&DWP(8,$key),$s2);
- &mov (&DWP(12,$key),$s3);
-
- &mov ($acc,$_inp); # load inp
- &lea ($acc,&DWP(16,$acc)); # advance inp
- &mov ($_inp,$acc); # save inp
- &jnz (&label("slow_dec_loop_x86"));
- &mov ("esp",$_esp);
- &popf ();
- &function_end_A();
- &pushf (); # kludge, never executed
-
- &set_label("slow_dec_partial_x86",16);
- &lea ($acc,$ivec);
- &mov (&DWP(0,$acc),$s0); # save output to temp
- &mov (&DWP(4,$acc),$s1);
- &mov (&DWP(8,$acc),$s2);
- &mov (&DWP(12,$acc),$s3);
-
- &mov ($acc,$_inp);
- &mov ($s0,&DWP(0,$acc)); # re-read input
- &mov ($s1,&DWP(4,$acc));
- &mov ($s2,&DWP(8,$acc));
- &mov ($s3,&DWP(12,$acc));
-
- &mov (&DWP(0,$key),$s0); # copy it to iv
- &mov (&DWP(4,$key),$s1);
- &mov (&DWP(8,$key),$s2);
- &mov (&DWP(12,$key),$s3);
-
- &mov ("ecx",$_len);
- &mov ("edi",$_out);
- &lea ("esi",$ivec);
- &align (4);
- &data_word(0xA4F3F689); # rep movsb # copy partial output
-
- &mov ("esp",$_esp);
- &popf ();
+ &lea ($acc,&DWP(16,$acc,$s2));
+ &neg ($s2 eq "ecx" ? $s2 : "");
+ &data_word(0xA4F3F689); # rep movsb # restore tail
+
+ &align (4);
+ &set_label("dec_out");
+ &cmp ($mark,0); # was the key schedule copied?
+ &mov ("edi",$_key);
+ &je (&label("skip_dzero"));
+ # zero copy of key schedule
+ &mov ("ecx",240/4);
+ &xor ("eax","eax");
+ &align (4);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_dzero")
+ &mov ("esp",$_esp);
+ &popf ();
&function_end("AES_cbc_encrypt");
}
sub enckey()
{
&movz ("esi",&LB("edx")); # rk[i]>>0
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
&movz ("esi",&HB("edx")); # rk[i]>>8
- &shl ("ebx",24);
+ &and ("ebx",0xFF000000);
&xor ("eax","ebx");
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
&shr ("edx",16);
+ &and ("ebx",0x000000FF);
&movz ("esi",&LB("edx")); # rk[i]>>16
&xor ("eax","ebx");
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
&movz ("esi",&HB("edx")); # rk[i]>>24
- &shl ("ebx",8);
+ &and ("ebx",0x0000FF00);
&xor ("eax","ebx");
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
- &shl ("ebx",16);
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
+ &and ("ebx",0x00FF0000);
&xor ("eax","ebx");
- &xor ("eax",&DWP(1024-128,$tbl,"ecx",4)); # rcon
+ &xor ("eax",&DWP(2048,"ebp","ecx",4)); # rcon
}
# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
&call (&label("pic_point"));
&set_label("pic_point");
- &blindpop($tbl);
- &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
- &lea ($tbl,&DWP(2048+128,$tbl));
-
- # prefetch Te4
- &mov ("eax",&DWP(0-128,$tbl));
- &mov ("ebx",&DWP(32-128,$tbl));
- &mov ("ecx",&DWP(64-128,$tbl));
- &mov ("edx",&DWP(96-128,$tbl));
- &mov ("eax",&DWP(128-128,$tbl));
- &mov ("ebx",&DWP(160-128,$tbl));
- &mov ("ecx",&DWP(192-128,$tbl));
- &mov ("edx",&DWP(224-128,$tbl));
+ &blindpop("ebp");
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
&mov ("ecx",&wparam(1)); # number of bits in key
&cmp ("ecx",128);
&mov ("edx","eax");
&mov ("eax",&DWP(16,"edi")); # rk[4]
&movz ("esi",&LB("edx")); # rk[11]>>0
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
&movz ("esi",&HB("edx")); # rk[11]>>8
+ &and ("ebx",0x000000FF);
&xor ("eax","ebx");
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
&shr ("edx",16);
- &shl ("ebx",8);
+ &and ("ebx",0x0000FF00);
&movz ("esi",&LB("edx")); # rk[11]>>16
&xor ("eax","ebx");
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &mov ("ebx",&DWP(0,"ebp","esi",8));
&movz ("esi",&HB("edx")); # rk[11]>>24
- &shl ("ebx",16);
+ &and ("ebx",0x00FF0000);
&xor ("eax","ebx");
- &movz ("ebx",&BP(-128,$tbl,"esi",1));
- &shl ("ebx",24);
+ &mov ("ebx",&DWP(2,"ebp","esi",8));
+ &and ("ebx",0xFF000000);
&xor ("eax","ebx");
&mov (&DWP(48,"edi"),"eax"); # rk[12]
&function_end("AES_set_encrypt_key");
sub deckey()
-{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
- my $tmp = $tbl;
-
- &mov ($acc,$tp1);
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($tp2,&DWP(0,$tp1,$tp1));
- &sub ($acc,$tmp);
- &and ($tp2,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &xor ($acc,$tp2);
- &mov ($tp2,$acc);
-
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($tp4,&DWP(0,$tp2,$tp2));
- &sub ($acc,$tmp);
- &and ($tp4,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &xor ($tp2,$tp1); # tp2^tp1
- &xor ($acc,$tp4);
- &mov ($tp4,$acc);
-
- &and ($acc,0x80808080);
- &mov ($tmp,$acc);
- &shr ($tmp,7);
- &lea ($tp8,&DWP(0,$tp4,$tp4));
- &xor ($tp4,$tp1); # tp4^tp1
- &sub ($acc,$tmp);
- &and ($tp8,0xfefefefe);
- &and ($acc,0x1b1b1b1b);
- &rotl ($tp1,8); # = ROTATE(tp1,8)
- &xor ($tp8,$acc);
-
- &mov ($tmp,&DWP(4*($i+1),$key)); # modulo-scheduled load
-
- &xor ($tp1,$tp2);
- &xor ($tp2,$tp8);
- &xor ($tp1,$tp4);
- &rotl ($tp2,24);
- &xor ($tp4,$tp8);
- &xor ($tp1,$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1)
- &rotl ($tp4,16);
- &xor ($tp1,$tp2); # ^= ROTATE(tp8^tp2^tp1,24)
- &rotl ($tp8,8);
- &xor ($tp1,$tp4); # ^= ROTATE(tp8^tp4^tp1,16)
- &mov ($tp2,$tmp);
- &xor ($tp1,$tp8); # ^= ROTATE(tp8,8)
-
- &mov (&DWP(4*$i,$key),$tp1);
+{ my ($i,$ptr,$te,$td) = @_;
+
+ &mov ("eax",&DWP($i,$ptr));
+ &mov ("edx","eax");
+ &movz ("ebx",&HB("eax"));
+ &shr ("edx",16);
+ &and ("eax",0xFF);
+ &movz ("eax",&BP(2,$te,"eax",8));
+ &movz ("ebx",&BP(2,$te,"ebx",8));
+ &mov ("eax",&DWP(0,$td,"eax",8));
+ &xor ("eax",&DWP(3,$td,"ebx",8));
+ &movz ("ebx",&HB("edx"));
+ &and ("edx",0xFF);
+ &movz ("edx",&BP(2,$te,"edx",8));
+ &movz ("ebx",&BP(2,$te,"ebx",8));
+ &xor ("eax",&DWP(2,$td,"edx",8));
+ &xor ("eax",&DWP(1,$td,"ebx",8));
+ &mov (&DWP($i,$ptr),"eax");
}
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
&lea ("ecx",&DWP(0,"","ecx",4));
&lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk
- &set_label("invert",4); # invert order of chunks
+ &align (4);
+ &set_label("invert"); # invert order of chunks
&mov ("eax",&DWP(0,"esi"));
&mov ("ebx",&DWP(4,"esi"));
&mov ("ecx",&DWP(0,"edi"));
&cmp ("esi","edi");
&jne (&label("invert"));
- &mov ($key,&wparam(2));
- &mov ($acc,&DWP(240,$key)); # pull number of rounds
- &lea ($acc,&DWP(-2,$acc,$acc));
- &lea ($acc,&DWP(0,$key,$acc,8));
- &mov (&wparam(2),$acc);
-
- &mov ($s0,&DWP(16,$key)); # modulo-scheduled load
- &set_label("permute",4); # permute the key schedule
- &add ($key,16);
- &deckey (0,$key,$s0,$s1,$s2,$s3);
- &deckey (1,$key,$s1,$s2,$s3,$s0);
- &deckey (2,$key,$s2,$s3,$s0,$s1);
- &deckey (3,$key,$s3,$s0,$s1,$s2);
- &cmp ($key,&wparam(2));
- &jb (&label("permute"));
+ &call (&label("pic_point"));
+ &set_label("pic_point");
+ blindpop("ebp");
+ &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+ &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+
+ &mov ("esi",&wparam(2));
+ &mov ("ecx",&DWP(240,"esi")); # pull number of rounds
+ &dec ("ecx");
+ &align (4);
+ &set_label("permute"); # permute the key schedule
+ &add ("esi",16);
+ &deckey (0,"esi","ebp","edi");
+ &deckey (4,"esi","ebp","edi");
+ &deckey (8,"esi","ebp","edi");
+ &deckey (12,"esi","ebp","edi");
+ &dec ("ecx");
+ &jnz (&label("permute"));
&xor ("eax","eax"); # return success
&function_end("AES_set_decrypt_key");
-&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
&asm_finish();
#
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
# ====================================================================
#
-# Version 2.1.
+# Version 1.2.
#
# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
#
# Performance in number of cycles per processed byte for 128-bit key:
#
-# ECB encrypt ECB decrypt CBC large chunk
-# AMD64 33 41 13.0
-# EM64T 38 59 18.6(*)
-# Core 2 30 43 14.5(*)
+# ECB CBC encrypt
+# AMD64 13.7 13.0(*)
+# EM64T 20.2 18.6(*)
#
-# (*) with hyper-threading off
+# (*) CBC benchmarks are better than ECB thanks to custom ABI used
+# by the private block encryption function.
$verticalspin=1; # unlike 32-bit version $verticalspin performs
# ~15% better on both AMD and Intel cores
-$speed_limit=512; # see aes-586.pl for details
$output=shift;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open STDOUT,"| $^X $xlate $output";
+open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
$code=".text\n";
$s1="%ebx";
$s2="%ecx";
$s3="%edx";
-$acc0="%esi"; $mask80="%rsi";
-$acc1="%edi"; $maskfe="%rdi";
-$acc2="%ebp"; $mask1b="%rbp";
+$acc0="%esi";
+$acc1="%edi";
+$acc2="%ebp";
$inp="%r8";
$out="%r9";
$t0="%r10d";
sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
$r =~ s/%[er]([sd]i)/%\1l/;
$r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
-sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
- $r =~ s/%r([0-9]+)/%r\1d/; $r; }
sub _data_word()
{ my $i;
while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
movzb `&lo("$s0")`,$acc0
movzb `&lo("$s1")`,$acc1
movzb `&lo("$s2")`,$acc2
- movzb 2($sbox,$acc0,8),$t0
- movzb 2($sbox,$acc1,8),$t1
- movzb 2($sbox,$acc2,8),$t2
+ mov 2($sbox,$acc0,8),$t0
+ mov 2($sbox,$acc1,8),$t1
+ mov 2($sbox,$acc2,8),$t2
+
+ and \$0x000000ff,$t0
+ and \$0x000000ff,$t1
+ and \$0x000000ff,$t2
movzb `&lo("$s3")`,$acc0
movzb `&hi("$s1")`,$acc1
movzb `&hi("$s2")`,$acc2
- movzb 2($sbox,$acc0,8),$t3
+ mov 2($sbox,$acc0,8),$t3
mov 0($sbox,$acc1,8),$acc1 #$t0
mov 0($sbox,$acc2,8),$acc2 #$t1
+ and \$0x000000ff,$t3
and \$0x0000ff00,$acc1
and \$0x0000ff00,$acc2
.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
___
-# it's possible to implement this by shifting tN by 8, filling least
-# significant byte with byte load and finally bswap-ing at the end,
-# but such partial register load kills Core 2...
-sub enccompactvert()
-{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
- movzb `&lo("$s0")`,$t0
- movzb `&lo("$s1")`,$t1
- movzb `&lo("$s2")`,$t2
- movzb ($sbox,$t0,1),$t0
- movzb ($sbox,$t1,1),$t1
- movzb ($sbox,$t2,1),$t2
-
- movzb `&lo("$s3")`,$t3
- movzb `&hi("$s1")`,$acc0
- movzb `&hi("$s2")`,$acc1
- movzb ($sbox,$t3,1),$t3
- movzb ($sbox,$acc0,1),$t4 #$t0
- movzb ($sbox,$acc1,1),$t5 #$t1
-
- movzb `&hi("$s3")`,$acc2
- movzb `&hi("$s0")`,$acc0
- shr \$16,$s2
- movzb ($sbox,$acc2,1),$acc2 #$t2
- movzb ($sbox,$acc0,1),$acc0 #$t3
- shr \$16,$s3
-
- movzb `&lo("$s2")`,$acc1
- shl \$8,$t4
- shl \$8,$t5
- movzb ($sbox,$acc1,1),$acc1 #$t0
- xor $t4,$t0
- xor $t5,$t1
-
- movzb `&lo("$s3")`,$t4
- shr \$16,$s0
- shr \$16,$s1
- movzb `&lo("$s0")`,$t5
- shl \$8,$acc2
- shl \$8,$acc0
- movzb ($sbox,$t4,1),$t4 #$t1
- movzb ($sbox,$t5,1),$t5 #$t2
- xor $acc2,$t2
- xor $acc0,$t3
-
- movzb `&lo("$s1")`,$acc2
- movzb `&hi("$s3")`,$acc0
- shl \$16,$acc1
- movzb ($sbox,$acc2,1),$acc2 #$t3
- movzb ($sbox,$acc0,1),$acc0 #$t0
- xor $acc1,$t0
-
- movzb `&hi("$s0")`,$acc1
- shr \$8,$s2
- shr \$8,$s1
- movzb ($sbox,$acc1,1),$acc1 #$t1
- movzb ($sbox,$s2,1),$s3 #$t3
- movzb ($sbox,$s1,1),$s2 #$t2
- shl \$16,$t4
- shl \$16,$t5
- shl \$16,$acc2
- xor $t4,$t1
- xor $t5,$t2
- xor $acc2,$t3
-
- shl \$24,$acc0
- shl \$24,$acc1
- shl \$24,$s3
- xor $acc0,$t0
- shl \$24,$s2
- xor $acc1,$t1
- mov $t0,$s0
- mov $t1,$s1
- xor $t2,$s2
- xor $t3,$s3
-___
-}
-
-sub enctransform_ref()
-{ my $sn = shift;
- my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
- mov $sn,$acc
- and \$0x80808080,$acc
- mov $acc,$tmp
- shr \$7,$tmp
- lea ($sn,$sn),$r2
- sub $tmp,$acc
- and \$0xfefefefe,$r2
- and \$0x1b1b1b1b,$acc
- mov $sn,$tmp
- xor $acc,$r2
-
- xor $r2,$sn
- rol \$24,$sn
- xor $r2,$sn
- ror \$16,$tmp
- xor $tmp,$sn
- ror \$8,$tmp
- xor $tmp,$sn
-___
-}
-
-# unlike decrypt case it does not pay off to parallelize enctransform
-sub enctransform()
-{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
-
-$code.=<<___;
- mov $s0,$acc0
- mov $s1,$acc1
- and \$0x80808080,$acc0
- and \$0x80808080,$acc1
- mov $acc0,$t0
- mov $acc1,$t1
- shr \$7,$t0
- lea ($s0,$s0),$r20
- shr \$7,$t1
- lea ($s1,$s1),$r21
- sub $t0,$acc0
- sub $t1,$acc1
- and \$0xfefefefe,$r20
- and \$0xfefefefe,$r21
- and \$0x1b1b1b1b,$acc0
- and \$0x1b1b1b1b,$acc1
- mov $s0,$t0
- mov $s1,$t1
- xor $acc0,$r20
- xor $acc1,$r21
-
- xor $r20,$s0
- xor $r21,$s1
- mov $s2,$acc0
- mov $s3,$acc1
- rol \$24,$s0
- rol \$24,$s1
- and \$0x80808080,$acc0
- and \$0x80808080,$acc1
- xor $r20,$s0
- xor $r21,$s1
- mov $acc0,$t2
- mov $acc1,$t3
- ror \$16,$t0
- ror \$16,$t1
- shr \$7,$t2
- lea ($s2,$s2),$r20
- xor $t0,$s0
- xor $t1,$s1
- shr \$7,$t3
- lea ($s3,$s3),$r21
- ror \$8,$t0
- ror \$8,$t1
- sub $t2,$acc0
- sub $t3,$acc1
- xor $t0,$s0
- xor $t1,$s1
-
- and \$0xfefefefe,$r20
- and \$0xfefefefe,$r21
- and \$0x1b1b1b1b,$acc0
- and \$0x1b1b1b1b,$acc1
- mov $s2,$t2
- mov $s3,$t3
- xor $acc0,$r20
- xor $acc1,$r21
-
- xor $r20,$s2
- xor $r21,$s3
- rol \$24,$s2
- rol \$24,$s3
- xor $r20,$s2
- xor $r21,$s3
- mov 0($sbox),$acc0 # prefetch Te4
- ror \$16,$t2
- ror \$16,$t3
- mov 64($sbox),$acc1
- xor $t2,$s2
- xor $t3,$s3
- mov 128($sbox),$r20
- ror \$8,$t2
- ror \$8,$t3
- mov 192($sbox),$r21
- xor $t2,$s2
- xor $t3,$s3
-___
-}
-
-$code.=<<___;
-.type _x86_64_AES_encrypt_compact,\@abi-omnipotent
-.align 16
-_x86_64_AES_encrypt_compact:
- lea 128($sbox),$inp # size optimization
- mov 0-128($inp),$acc1 # prefetch Te4
- mov 32-128($inp),$acc2
- mov 64-128($inp),$t0
- mov 96-128($inp),$t1
- mov 128-128($inp),$acc1
- mov 160-128($inp),$acc2
- mov 192-128($inp),$t0
- mov 224-128($inp),$t1
- jmp .Lenc_loop_compact
-.align 16
-.Lenc_loop_compact:
- xor 0($key),$s0 # xor with key
- xor 4($key),$s1
- xor 8($key),$s2
- xor 12($key),$s3
- lea 16($key),$key
-___
- &enccompactvert();
-$code.=<<___;
- cmp 16(%rsp),$key
- je .Lenc_compact_done
-___
- &enctransform();
-$code.=<<___;
- jmp .Lenc_loop_compact
-.align 16
-.Lenc_compact_done:
- xor 0($key),$s0
- xor 4($key),$s1
- xor 8($key),$s2
- xor 12($key),$s3
- .byte 0xf3,0xc3 # rep ret
-.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
-___
-
# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
$code.=<<___;
.globl AES_encrypt
push %r14
push %r15
- # allocate frame "above" key schedule
- mov %rsp,%rax
mov %rdx,$key
- lea -63(%rdx),%rcx
- and \$-64,%rsp
- sub %rsp,%rcx
- neg %rcx
- and \$0x3c0,%rcx
- sub %rcx,%rsp
-
- push %rax # save real stack pointer
- push %rsi # save out
-
- mov 240($key),$rnds # load rounds
-
- mov 0(%rdi),$s0 # load input vector
- mov 4(%rdi),$s1
- mov 8(%rdi),$s2
- mov 12(%rdi),$s3
-
- shl \$4,$rnds
- lea ($key,$rnds),%rbp
- push %rbp
- push $key
+ mov %rdi,$inp
+ mov %rsi,$out
- # pick Te4 copy which can't "overlap" with stack frame or key schedule
.picmeup $sbox
- lea AES_Te+2048-.($sbox),$sbox
- lea 768(%rsp),%rbp
- sub $sbox,%rbp
- and \$0x300,%rbp
- lea ($sbox,%rbp),$sbox
+ lea AES_Te-.($sbox),$sbox
+
+ mov 0($inp),$s0
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
- call _x86_64_AES_encrypt_compact
+ call _x86_64_AES_encrypt
- mov 16(%rsp),$out # restore out
- mov 24(%rsp),%rsp
- mov $s0,0($out) # write output vector
+ mov $s0,0($out)
mov $s1,4($out)
mov $s2,8($out)
mov $s3,12($out)
{ my $t3="%r8d"; # zaps $inp!
$code.=<<___;
- lea 2048($sbox),$sbox # size optimization
movzb `&lo("$s0")`,$acc0
movzb `&lo("$s1")`,$acc1
movzb `&lo("$s2")`,$acc2
- movzb ($sbox,$acc0,1),$t0
- movzb ($sbox,$acc1,1),$t1
- movzb ($sbox,$acc2,1),$t2
+ movzb 2048($sbox,$acc0,1),$t0
+ movzb 2048($sbox,$acc1,1),$t1
+ movzb 2048($sbox,$acc2,1),$t2
movzb `&lo("$s3")`,$acc0
movzb `&hi("$s3")`,$acc1
movzb `&hi("$s0")`,$acc2
- movzb ($sbox,$acc0,1),$t3
- movzb ($sbox,$acc1,1),$acc1 #$t0
- movzb ($sbox,$acc2,1),$acc2 #$t1
+ movzb 2048($sbox,$acc0,1),$t3
+ movzb 2048($sbox,$acc1,1),$acc1 #$t0
+ movzb 2048($sbox,$acc2,1),$acc2 #$t1
shl \$8,$acc1
shl \$8,$acc2
movzb `&hi("$s1")`,$acc0
movzb `&hi("$s2")`,$acc1
shr \$16,$s0
- movzb ($sbox,$acc0,1),$acc0 #$t2
- movzb ($sbox,$acc1,1),$acc1 #$t3
+ movzb 2048($sbox,$acc0,1),$acc0 #$t2
+ movzb 2048($sbox,$acc1,1),$acc1 #$t3
shl \$8,$acc0
shl \$8,$acc1
movzb `&lo("$s2")`,$acc0
movzb `&lo("$s3")`,$acc1
movzb `&lo("$s0")`,$acc2
- movzb ($sbox,$acc0,1),$acc0 #$t0
- movzb ($sbox,$acc1,1),$acc1 #$t1
- movzb ($sbox,$acc2,1),$acc2 #$t2
+ movzb 2048($sbox,$acc0,1),$acc0 #$t0
+ movzb 2048($sbox,$acc1,1),$acc1 #$t1
+ movzb 2048($sbox,$acc2,1),$acc2 #$t2
shl \$16,$acc0
shl \$16,$acc1
movzb `&lo("$s1")`,$acc0
movzb `&hi("$s1")`,$acc1
movzb `&hi("$s2")`,$acc2
- movzb ($sbox,$acc0,1),$acc0 #$t3
- movzb ($sbox,$acc1,1),$acc1 #$t0
- movzb ($sbox,$acc2,1),$acc2 #$t1
+ movzb 2048($sbox,$acc0,1),$acc0 #$t3
+ movzb 2048($sbox,$acc1,1),$acc1 #$t0
+ movzb 2048($sbox,$acc2,1),$acc2 #$t1
shl \$16,$acc0
shl \$24,$acc1
movzb `&hi("$s3")`,$acc0
movzb `&hi("$s0")`,$acc1
mov 16+12($key),$s3
- movzb ($sbox,$acc0,1),$acc0 #$t2
- movzb ($sbox,$acc1,1),$acc1 #$t3
+ movzb 2048($sbox,$acc0,1),$acc0 #$t2
+ movzb 2048($sbox,$acc1,1),$acc1 #$t3
mov 16+0($key),$s0
shl \$24,$acc0
mov 16+4($key),$s1
mov 16+8($key),$s2
- lea -2048($sbox),$sbox
xor $t0,$s0
xor $t1,$s1
xor $t2,$s2
.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
___
-sub deccompactvert()
-{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
- movzb `&lo("$s0")`,$t0
- movzb `&lo("$s1")`,$t1
- movzb `&lo("$s2")`,$t2
- movzb ($sbox,$t0,1),$t0
- movzb ($sbox,$t1,1),$t1
- movzb ($sbox,$t2,1),$t2
-
- movzb `&lo("$s3")`,$t3
- movzb `&hi("$s3")`,$acc0
- movzb `&hi("$s0")`,$acc1
- movzb ($sbox,$t3,1),$t3
- movzb ($sbox,$acc0,1),$t4 #$t0
- movzb ($sbox,$acc1,1),$t5 #$t1
-
- movzb `&hi("$s1")`,$acc2
- movzb `&hi("$s2")`,$acc0
- shr \$16,$s2
- movzb ($sbox,$acc2,1),$acc2 #$t2
- movzb ($sbox,$acc0,1),$acc0 #$t3
- shr \$16,$s3
-
- movzb `&lo("$s2")`,$acc1
- shl \$8,$t4
- shl \$8,$t5
- movzb ($sbox,$acc1,1),$acc1 #$t0
- xor $t4,$t0
- xor $t5,$t1
-
- movzb `&lo("$s3")`,$t4
- shr \$16,$s0
- shr \$16,$s1
- movzb `&lo("$s0")`,$t5
- shl \$8,$acc2
- shl \$8,$acc0
- movzb ($sbox,$t4,1),$t4 #$t1
- movzb ($sbox,$t5,1),$t5 #$t2
- xor $acc2,$t2
- xor $acc0,$t3
-
- movzb `&lo("$s1")`,$acc2
- movzb `&hi("$s1")`,$acc0
- shl \$16,$acc1
- movzb ($sbox,$acc2,1),$acc2 #$t3
- movzb ($sbox,$acc0,1),$acc0 #$t0
- xor $acc1,$t0
-
- movzb `&hi("$s2")`,$acc1
- shl \$16,$t4
- shl \$16,$t5
- movzb ($sbox,$acc1,1),$s1 #$t1
- xor $t4,$t1
- xor $t5,$t2
-
- movzb `&hi("$s3")`,$acc1
- shr \$8,$s0
- shl \$16,$acc2
- movzb ($sbox,$acc1,1),$s2 #$t2
- movzb ($sbox,$s0,1),$s3 #$t3
- xor $acc2,$t3
-
- shl \$24,$acc0
- shl \$24,$s1
- shl \$24,$s2
- xor $acc0,$t0
- shl \$24,$s3
- xor $t1,$s1
- mov $t0,$s0
- xor $t2,$s2
- xor $t3,$s3
-___
-}
-
-# parallelized version! input is pair of 64-bit values: %rax=s1.s0
-# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
-# %ecx=s2 and %edx=s3.
-sub dectransform()
-{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
- my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
- my $prefetch = shift;
-
-$code.=<<___;
- mov $tp10,$acc0
- mov $tp18,$acc8
- and $mask80,$acc0
- and $mask80,$acc8
- mov $acc0,$tp40
- mov $acc8,$tp48
- shr \$7,$tp40
- lea ($tp10,$tp10),$tp20
- shr \$7,$tp48
- lea ($tp18,$tp18),$tp28
- sub $tp40,$acc0
- sub $tp48,$acc8
- and $maskfe,$tp20
- and $maskfe,$tp28
- and $mask1b,$acc0
- and $mask1b,$acc8
- xor $tp20,$acc0
- xor $tp28,$acc8
- mov $acc0,$tp20
- mov $acc8,$tp28
-
- and $mask80,$acc0
- and $mask80,$acc8
- mov $acc0,$tp80
- mov $acc8,$tp88
- shr \$7,$tp80
- lea ($tp20,$tp20),$tp40
- shr \$7,$tp88
- lea ($tp28,$tp28),$tp48
- sub $tp80,$acc0
- sub $tp88,$acc8
- and $maskfe,$tp40
- and $maskfe,$tp48
- and $mask1b,$acc0
- and $mask1b,$acc8
- xor $tp40,$acc0
- xor $tp48,$acc8
- mov $acc0,$tp40
- mov $acc8,$tp48
-
- and $mask80,$acc0
- and $mask80,$acc8
- mov $acc0,$tp80
- mov $acc8,$tp88
- shr \$7,$tp80
- xor $tp10,$tp20 # tp2^=tp1
- shr \$7,$tp88
- xor $tp18,$tp28 # tp2^=tp1
- sub $tp80,$acc0
- sub $tp88,$acc8
- lea ($tp40,$tp40),$tp80
- lea ($tp48,$tp48),$tp88
- xor $tp10,$tp40 # tp4^=tp1
- xor $tp18,$tp48 # tp4^=tp1
- and $maskfe,$tp80
- and $maskfe,$tp88
- and $mask1b,$acc0
- and $mask1b,$acc8
- xor $acc0,$tp80
- xor $acc8,$tp88
-
- xor $tp80,$tp10 # tp1^=tp8
- xor $tp88,$tp18 # tp1^=tp8
- xor $tp80,$tp20 # tp2^tp1^=tp8
- xor $tp88,$tp28 # tp2^tp1^=tp8
- mov $tp10,$acc0
- mov $tp18,$acc8
- xor $tp80,$tp40 # tp4^tp1^=tp8
- xor $tp88,$tp48 # tp4^tp1^=tp8
- shr \$32,$acc0
- shr \$32,$acc8
- xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1
- xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1
- rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8)
- rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8)
- xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
- xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
-
- rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8)
- rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8)
- xor `&LO("$tp80")`,`&LO("$tp10")`
- xor `&LO("$tp88")`,`&LO("$tp18")`
- shr \$32,$tp80
- shr \$32,$tp88
- xor `&LO("$tp80")`,`&LO("$acc0")`
- xor `&LO("$tp88")`,`&LO("$acc8")`
-
- mov $tp20,$tp80
- mov $tp28,$tp88
- shr \$32,$tp80
- shr \$32,$tp88
- rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24)
- rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24)
- rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24)
- rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24)
- xor `&LO("$tp20")`,`&LO("$tp10")`
- xor `&LO("$tp28")`,`&LO("$tp18")`
- mov $tp40,$tp20
- mov $tp48,$tp28
- xor `&LO("$tp80")`,`&LO("$acc0")`
- xor `&LO("$tp88")`,`&LO("$acc8")`
-
- `"mov 0($sbox),$mask80" if ($prefetch)`
- shr \$32,$tp20
- shr \$32,$tp28
- `"mov 64($sbox),$maskfe" if ($prefetch)`
- rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16)
- rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16)
- `"mov 128($sbox),$mask1b" if ($prefetch)`
- rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16)
- rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16)
- `"mov 192($sbox),$tp80" if ($prefetch)`
- xor `&LO("$tp40")`,`&LO("$tp10")`
- xor `&LO("$tp48")`,`&LO("$tp18")`
- `"mov 256($sbox),$tp88" if ($prefetch)`
- xor `&LO("$tp20")`,`&LO("$acc0")`
- xor `&LO("$tp28")`,`&LO("$acc8")`
-___
-}
-
-$code.=<<___;
-.type _x86_64_AES_decrypt_compact,\@abi-omnipotent
-.align 16
-_x86_64_AES_decrypt_compact:
- lea 128($sbox),$inp # size optimization
- mov 0-128($inp),$acc1 # prefetch Td4
- mov 32-128($inp),$acc2
- mov 64-128($inp),$t0
- mov 96-128($inp),$t1
- mov 128-128($inp),$acc1
- mov 160-128($inp),$acc2
- mov 192-128($inp),$t0
- mov 224-128($inp),$t1
- jmp .Ldec_loop_compact
-
-.align 16
-.Ldec_loop_compact:
- xor 0($key),$s0 # xor with key
- xor 4($key),$s1
- xor 8($key),$s2
- xor 12($key),$s3
- lea 16($key),$key
-___
- &deccompactvert();
-$code.=<<___;
- cmp 16(%rsp),$key
- je .Ldec_compact_done
-
- mov 256+0($sbox),$mask80
- shl \$32,%rbx
- shl \$32,%rdx
- mov 256+8($sbox),$maskfe
- or %rbx,%rax
- or %rdx,%rcx
- mov 256+16($sbox),$mask1b
-___
- &dectransform(1);
-$code.=<<___;
- jmp .Ldec_loop_compact
-.align 16
-.Ldec_compact_done:
- xor 0($key),$s0
- xor 4($key),$s1
- xor 8($key),$s2
- xor 12($key),$s3
- .byte 0xf3,0xc3 # rep ret
-.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
-___
-
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
$code.=<<___;
.globl AES_decrypt
push %r14
push %r15
- # allocate frame "above" key schedule
- mov %rsp,%rax
mov %rdx,$key
- lea -63(%rdx),%rcx
- and \$-64,%rsp
- sub %rsp,%rcx
- neg %rcx
- and \$0x3c0,%rcx
- sub %rcx,%rsp
-
- push %rax # save real stack pointer
- push %rsi # save out
-
- mov 240($key),$rnds # load rounds
-
- mov 0(%rdi),$s0 # load input vector
- mov 4(%rdi),$s1
- mov 8(%rdi),$s2
- mov 12(%rdi),$s3
-
- shl \$4,$rnds
- lea ($key,$rnds),%rbp
- push %rbp
- push $key
+ mov %rdi,$inp
+ mov %rsi,$out
- # pick Td4 copy which can't "overlap" with stack frame or key schedule
.picmeup $sbox
- lea AES_Td+2048-.($sbox),$sbox
- lea 768(%rsp),%rbp
- sub $sbox,%rbp
- and \$0x300,%rbp
- lea ($sbox,%rbp),$sbox
- shr \$3,%rbp # recall "magic" constants!
- add %rbp,$sbox
-
- call _x86_64_AES_decrypt_compact
-
- mov 16(%rsp),$out # restore out
- mov 24(%rsp),%rsp
- mov $s0,0($out) # write output vector
+ lea AES_Td-.($sbox),$sbox
+
+ # prefetch Td4
+ lea 2048+128($sbox),$sbox;
+ mov 0-128($sbox),$s0
+ mov 32-128($sbox),$s1
+ mov 64-128($sbox),$s2
+ mov 96-128($sbox),$s3
+ mov 128-128($sbox),$s0
+ mov 160-128($sbox),$s1
+ mov 192-128($sbox),$s2
+ mov 224-128($sbox),$s3
+ lea -2048-128($sbox),$sbox;
+
+ mov 0($inp),$s0
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+
+ call _x86_64_AES_decrypt
+
+ mov $s0,0($out)
mov $s1,4($out)
mov $s2,8($out)
mov $s3,12($out)
{
$code.=<<___;
movz %dl,%esi # rk[i]>>0
- movzb -128(%rbp,%rsi),%ebx
+ mov 2(%rbp,%rsi,8),%ebx
movz %dh,%esi # rk[i]>>8
- shl \$24,%ebx
+ and \$0xFF000000,%ebx
xor %ebx,%eax
- movzb -128(%rbp,%rsi),%ebx
+ mov 2(%rbp,%rsi,8),%ebx
shr \$16,%edx
+ and \$0x000000FF,%ebx
movz %dl,%esi # rk[i]>>16
xor %ebx,%eax
- movzb -128(%rbp,%rsi),%ebx
+ mov 0(%rbp,%rsi,8),%ebx
movz %dh,%esi # rk[i]>>24
- shl \$8,%ebx
+ and \$0x0000FF00,%ebx
xor %ebx,%eax
- movzb -128(%rbp,%rsi),%ebx
- shl \$16,%ebx
+ mov 0(%rbp,%rsi,8),%ebx
+ and \$0x00FF0000,%ebx
xor %ebx,%eax
- xor 1024-128(%rbp,%rcx,4),%eax # rcon
+ xor 2048(%rbp,%rcx,4),%eax # rcon
___
}
.type AES_set_encrypt_key,\@function,3
.align 16
AES_set_encrypt_key:
- call _x86_64_AES_set_encrypt_key
- ret
-.size AES_set_encrypt_key,.-AES_set_encrypt_key
-
-.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
-.align 16
-_x86_64_AES_set_encrypt_key:
push %rbx
push %rbp
.picmeup %rbp
lea AES_Te-.(%rbp),%rbp
- lea 2048+128(%rbp),%rbp
-
- # prefetch Te4
- mov 0-128(%rbp),%eax
- mov 32-128(%rbp),%ebx
- mov 64-128(%rbp),%r8d
- mov 96-128(%rbp),%edx
- mov 128-128(%rbp),%eax
- mov 160-128(%rbp),%ebx
- mov 192-128(%rbp),%r8d
- mov 224-128(%rbp),%edx
cmp \$128,%ecx
je .L10rounds
jmp .Lexit
.L10rounds:
- mov 0(%rsi),%rax # copy first 4 dwords
- mov 8(%rsi),%rdx
- mov %rax,0(%rdi)
- mov %rdx,8(%rdi)
+ mov 0(%rsi),%eax # copy first 4 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
- shr \$32,%rdx
xor %ecx,%ecx
jmp .L10shortcut
.align 4
jmp .Lexit
.L12rounds:
- mov 0(%rsi),%rax # copy first 6 dwords
- mov 8(%rsi),%rbx
- mov 16(%rsi),%rdx
- mov %rax,0(%rdi)
- mov %rbx,8(%rdi)
- mov %rdx,16(%rdi)
-
- shr \$32,%rdx
+ mov 0(%rsi),%eax # copy first 6 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+ mov 16(%rsi),%ecx
+ mov 20(%rsi),%edx
+ mov %ecx,16(%rdi)
+ mov %edx,20(%rdi)
+
xor %ecx,%ecx
jmp .L12shortcut
.align 4
jmp .Lexit
.L14rounds:
- mov 0(%rsi),%rax # copy first 8 dwords
- mov 8(%rsi),%rbx
- mov 16(%rsi),%rcx
- mov 24(%rsi),%rdx
- mov %rax,0(%rdi)
- mov %rbx,8(%rdi)
- mov %rcx,16(%rdi)
- mov %rdx,24(%rdi)
-
- shr \$32,%rdx
+ mov 0(%rsi),%eax # copy first 8 dwords
+ mov 4(%rsi),%ebx
+ mov 8(%rsi),%ecx
+ mov 12(%rsi),%edx
+ mov %eax,0(%rdi)
+ mov %ebx,4(%rdi)
+ mov %ecx,8(%rdi)
+ mov %edx,12(%rdi)
+ mov 16(%rsi),%eax
+ mov 20(%rsi),%ebx
+ mov 24(%rsi),%ecx
+ mov 28(%rsi),%edx
+ mov %eax,16(%rdi)
+ mov %ebx,20(%rdi)
+ mov %ecx,24(%rdi)
+ mov %edx,28(%rdi)
+
xor %ecx,%ecx
jmp .L14shortcut
.align 4
.L14loop:
- mov 0(%rdi),%eax # rk[0]
mov 28(%rdi),%edx # rk[4]
.L14shortcut:
+ mov 0(%rdi),%eax # rk[0]
___
&enckey ();
$code.=<<___;
mov %eax,%edx
mov 16(%rdi),%eax # rk[4]
movz %dl,%esi # rk[11]>>0
- movzb -128(%rbp,%rsi),%ebx
+ mov 2(%rbp,%rsi,8),%ebx
movz %dh,%esi # rk[11]>>8
+ and \$0x000000FF,%ebx
xor %ebx,%eax
- movzb -128(%rbp,%rsi),%ebx
+ mov 0(%rbp,%rsi,8),%ebx
shr \$16,%edx
- shl \$8,%ebx
+ and \$0x0000FF00,%ebx
movz %dl,%esi # rk[11]>>16
xor %ebx,%eax
- movzb -128(%rbp,%rsi),%ebx
+ mov 0(%rbp,%rsi,8),%ebx
movz %dh,%esi # rk[11]>>24
- shl \$16,%ebx
+ and \$0x00FF0000,%ebx
xor %ebx,%eax
- movzb -128(%rbp,%rsi),%ebx
- shl \$24,%ebx
+ mov 2(%rbp,%rsi,8),%ebx
+ and \$0xFF000000,%ebx
xor %ebx,%eax
mov %eax,48(%rdi) # rk[12]
.Lexit:
pop %rbp
pop %rbx
- .byte 0xf3,0xc3 # rep ret
-.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
+ ret
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
___
-sub deckey_ref()
+sub deckey()
{ my ($i,$ptr,$te,$td) = @_;
- my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
$code.=<<___;
- mov $i($ptr),$tp1
- mov $tp1,$acc
- and \$0x80808080,$acc
- mov $acc,$tp4
- shr \$7,$tp4
- lea 0($tp1,$tp1),$tp2
- sub $tp4,$acc
- and \$0xfefefefe,$tp2
- and \$0x1b1b1b1b,$acc
- xor $tp2,$acc
- mov $acc,$tp2
-
- and \$0x80808080,$acc
- mov $acc,$tp8
- shr \$7,$tp8
- lea 0($tp2,$tp2),$tp4
- sub $tp8,$acc
- and \$0xfefefefe,$tp4
- and \$0x1b1b1b1b,$acc
- xor $tp1,$tp2 # tp2^tp1
- xor $tp4,$acc
- mov $acc,$tp4
-
- and \$0x80808080,$acc
- mov $acc,$tp8
- shr \$7,$tp8
- sub $tp8,$acc
- lea 0($tp4,$tp4),$tp8
- xor $tp1,$tp4 # tp4^tp1
- and \$0xfefefefe,$tp8
- and \$0x1b1b1b1b,$acc
- xor $acc,$tp8
-
- xor $tp8,$tp1 # tp1^tp8
- rol \$8,$tp1 # ROTATE(tp1^tp8,8)
- xor $tp8,$tp2 # tp2^tp1^tp8
- xor $tp8,$tp4 # tp4^tp1^tp8
- xor $tp2,$tp8
- xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
-
- xor $tp8,$tp1
- rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24)
- xor $tp2,$tp1
- rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16)
- xor $tp4,$tp1
-
- mov $tp1,$i($ptr)
+ mov $i($ptr),%eax
+ mov %eax,%edx
+ movz %ah,%ebx
+ shr \$16,%edx
+ and \$0xFF,%eax
+ movzb 2($te,%rax,8),%rax
+ movzb 2($te,%rbx,8),%rbx
+ mov 0($td,%rax,8),%eax
+ xor 3($td,%rbx,8),%eax
+ movzb %dh,%ebx
+ and \$0xFF,%edx
+ movzb 2($te,%rdx,8),%rdx
+ movzb 2($te,%rbx,8),%rbx
+ xor 2($td,%rdx,8),%eax
+ xor 1($td,%rbx,8),%eax
+ mov %eax,$i($ptr)
___
}
.type AES_set_decrypt_key,\@function,3
.align 16
AES_set_decrypt_key:
- push %rdx # save key schedule
- call _x86_64_AES_set_encrypt_key
+ push %rdx
+ call AES_set_encrypt_key
cmp \$0,%eax
- pop %r8 # restore key schedule
- jne .Labort
-
- push %rbx
- push %rbp
- push %r12
- push %r13
- push %r14
- push %r15
+ je .Lproceed
+ lea 24(%rsp),%rsp
+ ret
+.Lproceed:
+ mov (%rsp),%r8 # restore key schedule
+ mov %rbx,(%rsp)
- mov 240(%r8),%r14d # pull number of rounds
+ mov 240(%r8),%ecx # pull number of rounds
xor %rdi,%rdi
- lea (%rdi,%r14d,4),%rcx
+ lea (%rdi,%rcx,4),%rcx
mov %r8,%rsi
lea (%r8,%rcx,4),%rdi # pointer to last chunk
.align 4
cmp %rsi,%rdi
jne .Linvert
- .picmeup %rax
- lea AES_Te+2048+1024-.(%rax),%rax # rcon
+ .picmeup %r9
+ lea AES_Td-.(%r9),%rdi
+ lea AES_Te-AES_Td(%rdi),%r9
- mov 40(%rax),$mask80
- mov 48(%rax),$maskfe
- mov 56(%rax),$mask1b
-
- mov %r8,$key
- sub \$1,%r14d
+ mov %r8,%rsi
+ mov 240(%r8),%ecx # pull number of rounds
+ sub \$1,%ecx
.align 4
.Lpermute:
- lea 16($key),$key
- mov 0($key),%rax
- mov 8($key),%rcx
+ lea 16(%rsi),%rsi
___
- &dectransform ();
+ &deckey (0,"%rsi","%r9","%rdi");
+ &deckey (4,"%rsi","%r9","%rdi");
+ &deckey (8,"%rsi","%r9","%rdi");
+ &deckey (12,"%rsi","%r9","%rdi");
$code.=<<___;
- mov %eax,0($key)
- mov %ebx,4($key)
- mov %ecx,8($key)
- mov %edx,12($key)
- sub \$1,%r14d
+ sub \$1,%ecx
jnz .Lpermute
xor %rax,%rax
- pop %r15
- pop %r14
- pop %r13
- pop %r12
- pop %rbp
pop %rbx
-.Labort:
ret
.size AES_set_decrypt_key,.-AES_set_decrypt_key
___
{
# stack frame layout
# -8(%rsp) return address
-my $keyp="0(%rsp)"; # one to pass as $key
-my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds])
-my $_rsp="16(%rsp)"; # saved %rsp
-my $_inp="24(%rsp)"; # copy of 1st parameter, inp
-my $_out="32(%rsp)"; # copy of 2nd parameter, out
-my $_len="40(%rsp)"; # copy of 3rd parameter, length
-my $_key="48(%rsp)"; # copy of 4th parameter, key
-my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp
-my $ivec="64(%rsp)"; # ivec[16]
-my $aes_key="80(%rsp)"; # copy of aes_key
-my $mark="80+240(%rsp)"; # copy of aes_key->rounds
+my $_rsp="0(%rsp)"; # saved %rsp
+my $_len="8(%rsp)"; # copy of 3rd parameter, length
+my $_key="16(%rsp)"; # copy of 4th parameter, key
+my $_ivp="24(%rsp)"; # copy of 5th parameter, ivp
+my $keyp="32(%rsp)"; # one to pass as $key
+my $ivec="40(%rsp)"; # ivec[16]
+my $aes_key="56(%rsp)"; # copy of aes_key
+my $mark="56+240(%rsp)"; # copy of aes_key->rounds
$code.=<<___;
.globl AES_cbc_encrypt
.type AES_cbc_encrypt,\@function,6
.align 16
-.extern OPENSSL_ia32cap_P
AES_cbc_encrypt:
cmp \$0,%rdx # check length
je .Lcbc_just_ret
mov %r9d,%r9d # clear upper half of enc
.picmeup $sbox
- lea AES_Te-.($sbox),$sbox
+.Lcbc_pic_point:
+
cmp \$0,%r9
- jne .Lcbc_picked_te
- lea AES_Td-AES_Te($sbox),$sbox
-.Lcbc_picked_te:
-
- mov OPENSSL_ia32cap_P(%rip),%eax
- cmp \$$speed_limit,%rdx
- jb .Lcbc_slow_way
- test \$15,%rdx
- jnz .Lcbc_slow_way
- bt \$28,%eax
- jc .Lcbc_slow_way
+ je .LDECRYPT
+
+ lea AES_Te-.Lcbc_pic_point($sbox),$sbox
# allocate aligned stack frame...
- lea -88-248(%rsp),$key
+ lea -64-248(%rsp),$key
and \$-64,$key
- # ... and make sure it doesn't alias with AES_T[ed] modulo 4096
+ # ... and make it doesn't alias with AES_Te modulo 4096
mov $sbox,%r10
- lea 2304($sbox),%r11
+ lea 2048($sbox),%r11
mov $key,%r12
and \$0xFFF,%r10 # s = $sbox&0xfff
and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff
xchg %rsp,$key
add \$8,%rsp # reserve for return address!
mov $key,$_rsp # save %rsp
- mov %rdi,$_inp # save copy of inp
- mov %rsi,$_out # save copy of out
mov %rdx,$_len # save copy of len
mov %rcx,$_key # save copy of key
mov %r8,$_ivp # save copy of ivp
movl \$0,$mark # copy of aes_key->rounds = 0;
mov %r8,%rbp # rearrange input arguments
- mov %r9,%rbx
mov %rsi,$out
mov %rdi,$inp
mov %rcx,$key
- mov 240($key),%eax # key->rounds
# do we copy key schedule to stack?
mov $key,%r10
sub $sbox,%r10
and \$0xfff,%r10
- cmp \$2304,%r10
+ cmp \$2048,%r10
jb .Lcbc_do_ecopy
cmp \$4096-248,%r10
jb .Lcbc_skip_ecopy
lea $aes_key,$key
mov \$240/8,%ecx
.long 0x90A548F3 # rep movsq
- mov %eax,(%rdi) # copy aes_key->rounds
+ mov (%rsi),%eax # copy aes_key->rounds
+ mov %eax,(%rdi)
.Lcbc_skip_ecopy:
mov $key,$keyp # save key pointer
- mov \$18,%ecx
+ mov \$16,%ecx
.align 4
.Lcbc_prefetch_te:
mov 0($sbox),%r10
lea 128($sbox),$sbox
sub \$1,%ecx
jnz .Lcbc_prefetch_te
- lea -2304($sbox),$sbox
-
- cmp \$0,%rbx
- je .LFAST_DECRYPT
+ sub \$2048,$sbox
-#----------------------------- ENCRYPT -----------------------------#
+ test \$-16,%rdx # check upon length
+ mov %rdx,%r10
mov 0(%rbp),$s0 # load iv
mov 4(%rbp),$s1
mov 8(%rbp),$s2
mov 12(%rbp),$s3
+ jz .Lcbc_enc_tail # short input...
.align 4
-.Lcbc_fast_enc_loop:
+.Lcbc_enc_loop:
xor 0($inp),$s0
xor 4($inp),$s1
xor 8($inp),$s2
xor 12($inp),$s3
- mov $keyp,$key # restore key
- mov $inp,$_inp # if ($verticalspin) save inp
+ mov $inp,$ivec # if ($verticalspin) save inp
+ mov $keyp,$key # restore key
call _x86_64_AES_encrypt
- mov $_inp,$inp # if ($verticalspin) restore inp
- mov $_len,%r10
+ mov $ivec,$inp # if ($verticalspin) restore inp
mov $s0,0($out)
mov $s1,4($out)
mov $s2,8($out)
mov $s3,12($out)
+ mov $_len,%r10
lea 16($inp),$inp
lea 16($out),$out
sub \$16,%r10
test \$-16,%r10
mov %r10,$_len
- jnz .Lcbc_fast_enc_loop
+ jnz .Lcbc_enc_loop
+ test \$15,%r10
+ jnz .Lcbc_enc_tail
mov $_ivp,%rbp # restore ivp
mov $s0,0(%rbp) # save ivec
mov $s1,4(%rbp)
.Lcbc_cleanup:
cmpl \$0,$mark # was the key schedule copied?
lea $aes_key,%rdi
+ mov $_rsp,%rsp
je .Lcbc_exit
mov \$240/8,%ecx
xor %rax,%rax
.long 0x90AB48F3 # rep stosq
.Lcbc_exit:
- mov $_rsp,%rsp
popfq
pop %r15
pop %r14
pop %rbx
.Lcbc_just_ret:
ret
-
+.align 4
+.Lcbc_enc_tail:
+ cmp $inp,$out
+ je .Lcbc_enc_in_place
+ mov %r10,%rcx
+ mov $inp,%rsi
+ mov $out,%rdi
+ .long 0xF689A4F3 # rep movsb
+.Lcbc_enc_in_place:
+ mov \$16,%rcx # zero tail
+ sub %r10,%rcx
+ xor %rax,%rax
+ .long 0xF689AAF3 # rep stosb
+ mov $out,$inp # this is not a mistake!
+ movq \$16,$_len # len=16
+ jmp .Lcbc_enc_loop # one more spin...
#----------------------------- DECRYPT -----------------------------#
.align 16
-.LFAST_DECRYPT:
+.LDECRYPT:
+ lea AES_Td-.Lcbc_pic_point($sbox),$sbox
+
+ # allocate aligned stack frame...
+ lea -64-248(%rsp),$key
+ and \$-64,$key
+
+ # ... and make it doesn't alias with AES_Td modulo 4096
+ mov $sbox,%r10
+ lea 2304($sbox),%r11
+ mov $key,%r12
+ and \$0xFFF,%r10 # s = $sbox&0xfff
+ and \$0xFFF,%r11 # e = ($sbox+2048+256)&0xfff
+ and \$0xFFF,%r12 # p = %rsp&0xfff
+
+ cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
+ jb .Lcbc_td_break_out
+ sub %r11,%r12
+ sub %r12,$key
+ jmp .Lcbc_td_ok
+.Lcbc_td_break_out: # else %rsp -= (p-s)&0xfff + framesz
+ sub %r10,%r12
+ and \$0xFFF,%r12
+ add \$320,%r12
+ sub %r12,$key
+.align 4
+.Lcbc_td_ok:
+
+ xchg %rsp,$key
+ add \$8,%rsp # reserve for return address!
+ mov $key,$_rsp # save %rsp
+ mov %rdx,$_len # save copy of len
+ mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ movl \$0,$mark # copy of aes_key->rounds = 0;
+ mov %r8,%rbp # rearrange input arguments
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+
+ # do we copy key schedule to stack?
+ mov $key,%r10
+ sub $sbox,%r10
+ and \$0xfff,%r10
+ cmp \$2304,%r10
+ jb .Lcbc_do_dcopy
+ cmp \$4096-248,%r10
+ jb .Lcbc_skip_dcopy
+.align 4
+.Lcbc_do_dcopy:
+ mov $key,%rsi
+ lea $aes_key,%rdi
+ lea $aes_key,$key
+ mov \$240/8,%ecx
+ .long 0x90A548F3 # rep movsq
+ mov (%rsi),%eax # copy aes_key->rounds
+ mov %eax,(%rdi)
+.Lcbc_skip_dcopy:
+ mov $key,$keyp # save key pointer
+
+ mov \$18,%ecx
+.align 4
+.Lcbc_prefetch_td:
+ mov 0($sbox),%r10
+ mov 32($sbox),%r11
+ mov 64($sbox),%r12
+ mov 96($sbox),%r13
+ lea 128($sbox),$sbox
+ sub \$1,%ecx
+ jnz .Lcbc_prefetch_td
+ sub \$2304,$sbox
+
cmp $inp,$out
- je .Lcbc_fast_dec_in_place
+ je .Lcbc_dec_in_place
mov %rbp,$ivec
.align 4
-.Lcbc_fast_dec_loop:
- mov 0($inp),$s0 # read input
+.Lcbc_dec_loop:
+ mov 0($inp),$s0 # read input
mov 4($inp),$s1
mov 8($inp),$s2
mov 12($inp),$s3
- mov $keyp,$key # restore key
- mov $inp,$_inp # if ($verticalspin) save inp
+ mov $inp,8+$ivec # if ($verticalspin) save inp
+ mov $keyp,$key # restore key
call _x86_64_AES_decrypt
mov $ivec,%rbp # load ivp
- mov $_inp,$inp # if ($verticalspin) restore inp
- mov $_len,%r10 # load len
+ mov 8+$ivec,$inp # if ($verticalspin) restore inp
xor 0(%rbp),$s0 # xor iv
xor 4(%rbp),$s1
xor 8(%rbp),$s2
xor 12(%rbp),$s3
mov $inp,%rbp # current input, next iv
+ mov $_len,%r10 # load len
sub \$16,%r10
+ jc .Lcbc_dec_partial
mov %r10,$_len # update len
mov %rbp,$ivec # update ivp
lea 16($inp),$inp
lea 16($out),$out
- jnz .Lcbc_fast_dec_loop
+ jnz .Lcbc_dec_loop
+.Lcbc_dec_end:
mov $_ivp,%r12 # load user ivp
mov 0(%rbp),%r10 # load iv
mov 8(%rbp),%r11
mov %r11,8(%r12)
jmp .Lcbc_cleanup
-.align 16
-.Lcbc_fast_dec_in_place:
- mov 0(%rbp),%r10 # copy iv to stack
- mov 8(%rbp),%r11
- mov %r10,0+$ivec
- mov %r11,8+$ivec
.align 4
-.Lcbc_fast_dec_in_place_loop:
+.Lcbc_dec_partial:
+ mov $s0,0+$ivec # dump output to stack
+ mov $s1,4+$ivec
+ mov $s2,8+$ivec
+ mov $s3,12+$ivec
+ mov $out,%rdi
+ lea $ivec,%rsi
+ mov \$16,%rcx
+ add %r10,%rcx # number of bytes to copy
+ .long 0xF689A4F3 # rep movsb
+ jmp .Lcbc_dec_end
+
+.align 16
+.Lcbc_dec_in_place:
mov 0($inp),$s0 # load input
mov 4($inp),$s1
mov 8($inp),$s2
mov 12($inp),$s3
- mov $keyp,$key # restore key
- mov $inp,$_inp # if ($verticalspin) save inp
+ mov $inp,$ivec # if ($verticalspin) save inp
+ mov $keyp,$key
call _x86_64_AES_decrypt
- mov $_inp,$inp # if ($verticalspin) restore inp
- mov $_len,%r10
- xor 0+$ivec,$s0
- xor 4+$ivec,$s1
- xor 8+$ivec,$s2
- xor 12+$ivec,$s3
-
- mov 0($inp),%r11 # load input
- mov 8($inp),%r12
- sub \$16,%r10
- jz .Lcbc_fast_dec_in_place_done
+ mov $ivec,$inp # if ($verticalspin) restore inp
+ mov $_ivp,%rbp
+ xor 0(%rbp),$s0
+ xor 4(%rbp),$s1
+ xor 8(%rbp),$s2
+ xor 12(%rbp),$s3
- mov %r11,0+$ivec # copy input to iv
- mov %r12,8+$ivec
+ mov 0($inp),%r10 # copy input to iv
+ mov 8($inp),%r11
+ mov %r10,0(%rbp)
+ mov %r11,8(%rbp)
mov $s0,0($out) # save output [zaps input]
mov $s1,4($out)
mov $s2,8($out)
mov $s3,12($out)
+ mov $_len,%rcx
lea 16($inp),$inp
lea 16($out),$out
- mov %r10,$_len
- jmp .Lcbc_fast_dec_in_place_loop
-.Lcbc_fast_dec_in_place_done:
- mov $_ivp,%rdi
- mov %r11,0(%rdi) # copy iv back to user
- mov %r12,8(%rdi)
-
- mov $s0,0($out) # save output [zaps input]
- mov $s1,4($out)
- mov $s2,8($out)
- mov $s3,12($out)
-
+ sub \$16,%rcx
+ jc .Lcbc_dec_in_place_partial
+ mov %rcx,$_len
+ jnz .Lcbc_dec_in_place
jmp .Lcbc_cleanup
-#--------------------------- SLOW ROUTINE ---------------------------#
-.align 16
-.Lcbc_slow_way:
- # allocate aligned stack frame...
- lea -88(%rsp),%rbp
- and \$-64,%rbp
- # ... just "above" key schedule
- lea -88-63(%rcx),%rax
- sub %rbp,%rax
- neg %rax
- and \$0x3c0,%rax
- sub %rax,%rbp
-
- xchg %rsp,%rbp
- add \$8,%rsp # reserve for return address!
- mov %rbp,$_rsp # save %rsp
- #mov %rdi,$_inp # save copy of inp
- #mov %rsi,$_out # save copy of out
- #mov %rdx,$_len # save copy of len
- #mov %rcx,$_key # save copy of key
- mov %r8,$_ivp # save copy of ivp
- mov %r8,%rbp # rearrange input arguments
- mov %r9,%rbx
- mov %rsi,$out
- mov %rdi,$inp
- mov %rcx,$key
- mov %rdx,%r10
-
- mov 240($key),%eax
- mov $key,$keyp # save key pointer
- shl \$4,%eax
- lea ($key,%rax),%rax
- mov %rax,$keyend
-
- # pick Te4 copy which can't "overlap" with stack frame or key scdedule
- lea 2048($sbox),$sbox
- lea 768-8(%rsp),%rax
- sub $sbox,%rax
- and \$0x300,%rax
- lea ($sbox,%rax),$sbox
-
- cmp \$0,%rbx
- je .LSLOW_DECRYPT
-
-#--------------------------- SLOW ENCRYPT ---------------------------#
- test \$-16,%r10 # check upon length
- mov 0(%rbp),$s0 # load iv
- mov 4(%rbp),$s1
- mov 8(%rbp),$s2
- mov 12(%rbp),$s3
- jz .Lcbc_slow_enc_tail # short input...
-
-.align 4
-.Lcbc_slow_enc_loop:
- xor 0($inp),$s0
- xor 4($inp),$s1
- xor 8($inp),$s2
- xor 12($inp),$s3
- mov $keyp,$key # restore key
- mov $inp,$_inp # save inp
- mov $out,$_out # save out
- mov %r10,$_len # save len
-
- call _x86_64_AES_encrypt_compact
-
- mov $_inp,$inp # restore inp
- mov $_out,$out # restore out
- mov $_len,%r10 # restore len
- mov $s0,0($out)
- mov $s1,4($out)
- mov $s2,8($out)
- mov $s3,12($out)
-
- lea 16($inp),$inp
- lea 16($out),$out
- sub \$16,%r10
- test \$-16,%r10
- jnz .Lcbc_slow_enc_loop
- test \$15,%r10
- jnz .Lcbc_slow_enc_tail
- mov $_ivp,%rbp # restore ivp
- mov $s0,0(%rbp) # save ivec
- mov $s1,4(%rbp)
- mov $s2,8(%rbp)
- mov $s3,12(%rbp)
-
- jmp .Lcbc_exit
-.align 4
-.Lcbc_slow_enc_tail:
- cmp $inp,$out
- je .Lcbc_slow_enc_in_place
- mov %r10,%rcx
- mov $inp,%rsi
- mov $out,%rdi
- .long 0x9066A4F3 # rep movsb
-.Lcbc_slow_enc_in_place:
- mov \$16,%rcx # zero tail
- sub %r10,%rcx
- xor %rax,%rax
- .long 0x9066AAF3 # rep stosb
- mov $out,$inp # this is not a mistake!
- movq \$16,$_len # len=16
- jmp .Lcbc_slow_enc_loop # one more spin...
-#--------------------------- SLOW DECRYPT ---------------------------#
-.align 16
-.LSLOW_DECRYPT:
- shr \$3,%rax
- add %rax,$sbox # recall "magic" constants!
-
- mov 0(%rbp),%r11 # copy iv to stack
- mov 8(%rbp),%r12
- mov %r11,0+$ivec
- mov %r12,8+$ivec
-
.align 4
-.Lcbc_slow_dec_loop:
- mov 0($inp),$s0 # load input
- mov 4($inp),$s1
- mov 8($inp),$s2
- mov 12($inp),$s3
- mov $keyp,$key # restore key
- mov $inp,$_inp # save inp
- mov $out,$_out # save out
- mov %r10,$_len # save len
-
- call _x86_64_AES_decrypt_compact
-
- mov $_inp,$inp # restore inp
- mov $_out,$out # restore out
- mov $_len,%r10
- xor 0+$ivec,$s0
- xor 4+$ivec,$s1
- xor 8+$ivec,$s2
- xor 12+$ivec,$s3
-
- mov 0($inp),%r11 # load input
- mov 8($inp),%r12
- sub \$16,%r10
- jc .Lcbc_slow_dec_partial
- jz .Lcbc_slow_dec_done
-
- mov %r11,0+$ivec # copy input to iv
- mov %r12,8+$ivec
-
- mov $s0,0($out) # save output [can zap input]
- mov $s1,4($out)
- mov $s2,8($out)
- mov $s3,12($out)
-
- lea 16($inp),$inp
- lea 16($out),$out
- jmp .Lcbc_slow_dec_loop
-.Lcbc_slow_dec_done:
- mov $_ivp,%rdi
- mov %r11,0(%rdi) # copy iv back to user
- mov %r12,8(%rdi)
-
- mov $s0,0($out) # save output [can zap input]
- mov $s1,4($out)
- mov $s2,8($out)
- mov $s3,12($out)
-
- jmp .Lcbc_exit
-
-.align 4
-.Lcbc_slow_dec_partial:
- mov $_ivp,%rdi
- mov %r11,0(%rdi) # copy iv back to user
- mov %r12,8(%rdi)
-
- mov $s0,0+$ivec # save output to stack
- mov $s1,4+$ivec
- mov $s2,8+$ivec
- mov $s3,12+$ivec
-
- mov $out,%rdi
- lea $ivec,%rsi
- lea 16(%r10),%rcx
- .long 0x9066A4F3 # rep movsb
- jmp .Lcbc_exit
+.Lcbc_dec_in_place_partial:
+ # one can argue if this is actually required
+ lea ($out,%rcx),%rdi
+ lea (%rbp,%rcx),%rsi
+ neg %rcx
+ .long 0xF689A4F3 # rep movsb # restore tail
+ jmp .Lcbc_cleanup
.size AES_cbc_encrypt,.-AES_cbc_encrypt
___
}
&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-
-#Te4 # four copies of Te4 to choose from to avoid L1 aliasing
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
- &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
- &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
- &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
- &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
- &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
- &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
- &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
- &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
- &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
- &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
- &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
- &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
- &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
- &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
- &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
- &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
- &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
- &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
- &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
- &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
- &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
- &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
- &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
- &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
- &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
- &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
- &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
- &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
- &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
- &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
- &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
- &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
#rcon:
$code.=<<___;
.long 0x00000001, 0x00000002, 0x00000004, 0x00000008
.long 0x00000010, 0x00000020, 0x00000040, 0x00000080
- .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080
- .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
+ .long 0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0
___
$code.=<<___;
.globl AES_Td
&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-
-#Td4: # four copies of Td4 to choose from to avoid L1 aliasing
- &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
- &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
- &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
- &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
- &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
- &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
- &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
- &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
- &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
- &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
- &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
- &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
- &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
- &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
- &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
- &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
- &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
- &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
- &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
- &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
- &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
- &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
- &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
- &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
- &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
- &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
- &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
- &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
- &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
- &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
- &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
- &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
- .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
- .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
+#Td4:
&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
- .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
- .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
- &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
- &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
- &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
- &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
- &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
- &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
- &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
- &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
- &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
- &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
- &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
- &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
- &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
- &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
- &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
- &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
- &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
- &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
- &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
- &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
- &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
- &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
- &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
- &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
- &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
- &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
- &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
- &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
- &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
- &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
- &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
- &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
- .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
- .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
- &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
- &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
- &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
- &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
- &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
- &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
- &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
- &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
- &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
- &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
- &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
- &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
- &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
- &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
- &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
- &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
- &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
- &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
- &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
- &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
- &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
- &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
- &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
- &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
- &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
- &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
- &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
- &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
- &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
- &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
- &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
- &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
- .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
- .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.asciz "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align 64
-___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
f_int.c f_string.c n_pkey.c \
- f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
f_int.o f_string.o n_pkey.o \
- f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
#include <openssl/buffer.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
+#include <openssl/bn.h>
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1t.h>
+#include <openssl/objects.h>
int ASN1_TYPE_get(ASN1_TYPE *a)
{
a->value.ptr=value;
}
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+ {
+ if (!value || (type == V_ASN1_BOOLEAN))
+ {
+ void *p = (void *)value;
+ ASN1_TYPE_set(a, type, p);
+ }
+ else if (type == V_ASN1_OBJECT)
+ {
+ ASN1_OBJECT *odup;
+ odup = OBJ_dup(value);
+ if (!odup)
+ return 0;
+ ASN1_TYPE_set(a, type, odup);
+ }
+ else
+ {
+ ASN1_STRING *sdup;
+ sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+ if (!sdup)
+ return 0;
+ ASN1_TYPE_set(a, type, sdup);
+ }
+ return 1;
+ }
IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
#define MBSTRING_BMP (MBSTRING_FLAG|2)
#define MBSTRING_UNIV (MBSTRING_FLAG|4)
+#define SMIME_OLDMIME 0x400
+#define SMIME_CRLFEOL 0x800
+#define SMIME_STREAM 0x1000
+
struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
* be inserted in the memory buffer
*/
#define ASN1_STRING_FLAG_NDEF 0x010
+
+/* This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been
+ * accessed. The flag will be reset when content has been written to it.
+ */
+#define ASN1_STRING_FLAG_CONT 0x020
+
/* This is the base type that holds just about everything :-) */
typedef struct asn1_string_st
{
int i2d_##name##_NDEF(name *a, unsigned char **out);
#define DECLARE_ASN1_FUNCTIONS_const(name) \
- name *name##_new(void); \
- void name##_free(name *a);
+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
type *name##_new(void); \
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
/* Since this is used to store all sorts of things, via macros, for now, make
its data void * */
int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
int ASN1_STRING_length(ASN1_STRING *x);
void ASN1_STRING_length_set(ASN1_STRING *x, int n);
int ASN1_STRING_type(ASN1_STRING *x);
void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+#define M_ASN1_free_of(x, type) \
+ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
#ifndef OPENSSL_NO_FP_API
void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
+
+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it);
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn *data_fn,
+ const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#define ASN1_F_ASN1_ITEM_VERIFY 197
#define ASN1_F_ASN1_MBSTRING_NCOPY 122
#define ASN1_F_ASN1_OBJECT_NEW 123
+#define ASN1_F_ASN1_OUTPUT_DATA 207
#define ASN1_F_ASN1_PACK_STRING 124
#define ASN1_F_ASN1_PCTX_NEW 205
#define ASN1_F_ASN1_PKCS5_PBE_SET 125
#define ASN1_F_ASN1_UNPACK_STRING 136
#define ASN1_F_ASN1_UTCTIME_SET 187
#define ASN1_F_ASN1_VERIFY 137
+#define ASN1_F_B64_READ_ASN1 208
+#define ASN1_F_B64_WRITE_ASN1 209
#define ASN1_F_BITSTR_CB 180
#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
#define ASN1_F_BN_TO_ASN1_INTEGER 139
#define ASN1_F_PARSE_TAGGING 182
#define ASN1_F_PKCS5_PBE2_SET 167
#define ASN1_F_PKCS5_PBE_SET 202
+#define ASN1_F_SMIME_READ_ASN1 210
+#define ASN1_F_SMIME_TEXT 211
#define ASN1_F_X509_CINF_NEW 168
#define ASN1_F_X509_CRL_ADD0_REVOKED 169
#define ASN1_F_X509_INFO_NEW 170
/* Reason codes. */
#define ASN1_R_ADDING_OBJECT 171
+#define ASN1_R_ASN1_PARSE_ERROR 198
+#define ASN1_R_ASN1_SIG_PARSE_ERROR 199
#define ASN1_R_AUX_ERROR 100
#define ASN1_R_BAD_CLASS 101
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
+#define ASN1_R_INVALID_MIME_TYPE 200
#define ASN1_R_INVALID_MODIFIER 186
#define ASN1_R_INVALID_NUMBER 187
#define ASN1_R_INVALID_SEPARATOR 131
#define ASN1_R_IV_TOO_LARGE 135
#define ASN1_R_LENGTH_ERROR 136
#define ASN1_R_LIST_ERROR 188
+#define ASN1_R_MIME_NO_CONTENT_TYPE 201
+#define ASN1_R_MIME_PARSE_ERROR 202
+#define ASN1_R_MIME_SIG_PARSE_ERROR 203
#define ASN1_R_MISSING_EOC 137
#define ASN1_R_MISSING_SECOND_NUMBER 138
#define ASN1_R_MISSING_VALUE 189
#define ASN1_R_NON_HEX_CHARACTERS 141
#define ASN1_R_NOT_ASCII_FORMAT 190
#define ASN1_R_NOT_ENOUGH_DATA 142
+#define ASN1_R_NO_CONTENT_TYPE 204
#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205
+#define ASN1_R_NO_MULTIPART_BOUNDARY 206
+#define ASN1_R_NO_SIG_CONTENT_TYPE 207
#define ASN1_R_NULL_IS_WRONG_LENGTH 144
#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
#define ASN1_R_ODD_NUMBER_OF_CHARS 145
#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
#define ASN1_R_SHORT_LINE 150
+#define ASN1_R_SIG_INVALID_MIME_TYPE 208
+#define ASN1_R_STREAMING_NOT_SUPPORTED 209
#define ASN1_R_STRING_TOO_LONG 151
#define ASN1_R_STRING_TOO_SHORT 152
#define ASN1_R_TAG_VALUE_TOO_HIGH 153
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"},
{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
+{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
+{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
static ERR_STRING_DATA ASN1_str_reasons[]=
{
{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
+{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"},
+{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"},
+{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
+{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"},
+{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"},
{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
+{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
return(1);
}
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+ {
+ if (str->data)
+ OPENSSL_free(str->data);
+ str->data = data;
+ str->length = len;
+ }
+
ASN1_STRING *ASN1_STRING_new(void)
{
return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
#define ASN1_NDEF_SEQUENCE(tname) \
ASN1_SEQUENCE(tname)
+#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+ ASN1_SEQUENCE_cb(tname, cb)
+
#define ASN1_SEQUENCE_cb(tname, cb) \
static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
ASN1_SEQUENCE(tname)
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+/* EXPLICIT using indefinite length constructed form */
+#define ASN1_NDEF_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
/* EXPLICIT OPTIONAL using indefinite length constructed form */
#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
--- /dev/null
+/* asn_mime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Generalised MIME like utilities for streaming ASN1. Although many
+ * have a PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const ASN1_ITEM *it)
+ {
+ BIO *b64;
+ int r;
+ b64 = BIO_new(BIO_f_base64());
+ if(!b64)
+ {
+ ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* prepend the b64 BIO so all data is base64 encoded.
+ */
+ out = BIO_push(b64, out);
+ r = ASN1_item_i2d_bio(it, out, val);
+ (void)BIO_flush(out);
+ BIO_pop(out);
+ BIO_free(b64);
+ return r;
+ }
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+ BIO *b64;
+ ASN1_VALUE *val;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ val = ASN1_item_d2i_bio(it, bio, NULL);
+ if(!val)
+ ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
+ (void)BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+ {
+ const EVP_MD *md;
+ int i, have_unknown = 0, write_comma, md_nid;
+ have_unknown = 0;
+ write_comma = 0;
+ for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
+ {
+ if (write_comma)
+ BIO_write(out, ",", 1);
+ write_comma = 1;
+ md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+ md = EVP_get_digestbynid(md_nid);
+ switch(md_nid)
+ {
+ case NID_sha1:
+ BIO_puts(out, "sha1");
+ break;
+
+ case NID_md5:
+ BIO_puts(out, "md5");
+ break;
+
+ case NID_sha256:
+ BIO_puts(out, "sha-256");
+ break;
+
+ case NID_sha384:
+ BIO_puts(out, "sha-384");
+ break;
+
+ case NID_sha512:
+ BIO_puts(out, "sha-512");
+ break;
+
+ default:
+ if (have_unknown)
+ write_comma = 0;
+ else
+ {
+ BIO_puts(out, "unknown");
+ have_unknown = 1;
+ }
+ break;
+
+ }
+ }
+
+ return 1;
+
+ }
+
+/* SMIME sender */
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn *data_fn,
+ const ASN1_ITEM *it)
+{
+ char bound[33], c;
+ int i;
+ const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+ const char *msg_type=NULL;
+ if (flags & SMIME_OLDMIME)
+ mime_prefix = "application/x-pkcs7-";
+ else
+ mime_prefix = "application/pkcs7-";
+
+ if (flags & SMIME_CRLFEOL)
+ mime_eol = "\r\n";
+ else
+ mime_eol = "\n";
+ if((flags & SMIME_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_pseudo_bytes((unsigned char *)bound, 32);
+ for(i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if(c < 10) c += '0';
+ else c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Type: multipart/signed;");
+ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+ BIO_puts(bio, " micalg=\"");
+ asn1_write_micalg(bio, mdalgs);
+ BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+ bound, mime_eol, mime_eol);
+ BIO_printf(bio, "This is an S/MIME signed message%s%s",
+ mime_eol, mime_eol);
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s%s", bound, mime_eol);
+ if (!data_fn(bio, data, val, flags, it))
+ return 0;
+ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+ mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+ mime_eol, mime_eol);
+ B64_write_ASN1(bio, val, NULL, 0, it);
+ BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+ mime_eol, mime_eol);
+ return 1;
+ }
+
+ /* Determine smime-type header */
+
+ if (ctype_nid == NID_pkcs7_enveloped)
+ msg_type = "enveloped-data";
+ else if (ctype_nid == NID_pkcs7_signed)
+ {
+ if (econt_nid == NID_id_smime_ct_receipt)
+ msg_type = "signed-receipt";
+ else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+ msg_type = "signed-data";
+ else
+ msg_type = "certs-only";
+ }
+ else if (ctype_nid == NID_id_smime_ct_compressedData)
+ {
+ msg_type = "compressed-data";
+ cname = "smime.p7z";
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+ BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ if (msg_type)
+ BIO_printf(bio, " smime-type=%s;", msg_type);
+ BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+ mime_eol, mime_eol);
+ if (!B64_write_ASN1(bio, val, data, flags, it))
+ return 0;
+ BIO_printf(bio, "%s", mime_eol);
+ return 1;
+}
+
+#if 0
+
+/* Handle output of ASN1 data */
+
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
+ {
+ BIO *tmpbio;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_STREAM_ARG sarg;
+
+ if (!(flags & SMIME_DETACHED))
+ {
+ SMIME_crlf_copy(data, out, flags);
+ return 1;
+ }
+
+ if (!aux || !aux->asn1_cb)
+ {
+ ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
+ ASN1_R_STREAMING_NOT_SUPPORTED);
+ return 0;
+ }
+
+ sarg.out = out;
+ sarg.ndef_bio = NULL;
+ sarg.boundary = NULL;
+
+ /* Let ASN1 code prepend any needed BIOs */
+
+ if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
+ SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+ /* Finalize structure */
+ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+ return 0;
+
+ /* Now remove any digests prepended to the BIO */
+
+ while (sarg.ndef_bio != out)
+ {
+ tmpbio = BIO_pop(sarg.ndef_bio);
+ BIO_free(sarg.ndef_bio);
+ sarg.ndef_bio = tmpbio;
+ }
+
+ return 1;
+
+ }
+
+#endif
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+ BIO *asnin;
+ STACK_OF(MIME_HEADER) *headers = NULL;
+ STACK_OF(BIO) *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ ASN1_VALUE *val;
+ int ret;
+
+ if(bcont) *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if(!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if(!prm || !prm->param_value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ if(!ret || (sk_BIO_num(parts) != 2) ) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ asnin = sk_BIO_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(asnin))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+ !hdr->value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ /* Read in ASN1 */
+ if(!(val = b64_read_asn1(asnin, it))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ if(bcont) {
+ *bcont = sk_BIO_value(parts, 0);
+ BIO_free(asnin);
+ sk_BIO_free(parts);
+ } else sk_BIO_pop_free(parts, BIO_vfree);
+ return val;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+ strcmp (hdr->value, "application/pkcs7-mime")) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+ if(!(val = b64_read_asn1(bio, it))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+ return NULL;
+ }
+ return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ BIO *bf;
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ /* Buffer output so we don't write one line at a time. This is
+ * useful when streaming as we don't end up with one OCTET STRING
+ * per line.
+ */
+ bf = BIO_new(BIO_f_buffer());
+ if (!bf)
+ return 0;
+ out = BIO_push(bf, out);
+ if(flags & SMIME_BINARY)
+ {
+ while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ }
+ else
+ {
+ if(flags & SMIME_TEXT)
+ BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
+ {
+ eol = strip_eol(linebuf, &len);
+ if (len)
+ BIO_write(out, linebuf, len);
+ if(eol) BIO_write(out, "\r\n", 2);
+ }
+ }
+ (void)BIO_flush(out);
+ BIO_pop(out);
+ BIO_free(bf);
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK_OF(MIME_HEADER) *headers;
+ MIME_HEADER *hdr;
+
+ if (!(headers = mime_parse_hdr(in))) {
+ ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp (hdr->value, "text/plain")) {
+ ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ int eol = 0, next_eol = 0;
+ BIO *bpart = NULL;
+ STACK_OF(BIO) *parts;
+ char state, part, first;
+
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_BIO_new_null();
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if(state == 1) {
+ first = 1;
+ part++;
+ } else if(state == 2) {
+ sk_BIO_push(parts, bpart);
+ return 1;
+ } else if(part) {
+ /* Strip CR+LF from linebuf */
+ next_eol = strip_eol(linebuf, &len);
+ if(first) {
+ first = 0;
+ if(bpart) sk_BIO_push(parts, bpart);
+ bpart = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(bpart, 0);
+ } else if (eol)
+ BIO_write(bpart, "\r\n", 2);
+ eol = next_eol;
+ if (len)
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK_OF(MIME_HEADER) *headers;
+ int len, state, save_state = 0;
+
+ headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+ else state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ /* State machine to handle MIME headers
+ * if this looks horrible that's because it *is*
+ */
+
+ switch(state) {
+ case MIME_START:
+ if(c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if(c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_MIME_HEADER_push(headers, mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if(c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if(c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break ;
+
+ case MIME_VALUE:
+ if(c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if(c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if(state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_MIME_HEADER_push(headers, mhdr);
+ } else if(state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for(p = name; (c = *p) ;p++) {
+ if(c == '"') {
+ /* Next char is start of string if non null */
+ if(p[1]) return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if(!isspace((unsigned char)c)) return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if(!name) return NULL;
+ /* Look for first non white space or quote */
+ for(p = name + strlen(name) - 1; p >= name ;p--) {
+ c = *p;
+ if(c == '"') {
+ if(p - 1 == name) return NULL;
+ *p = 0;
+ return name;
+ }
+ if(isspace((unsigned char)c)) *p = 0;
+ else return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if(name) {
+ if(!(tmpname = BUF_strdup(name))) return NULL;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ if(!(tmpval = BUF_strdup(value))) return NULL;
+ for(p = tmpval ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpval = NULL;
+ mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+ if(!mhdr) return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if(name) {
+ tmpname = BUF_strdup(name);
+ if(!tmpname) return 0;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ tmpval = BUF_strdup(value);
+ if(!tmpval) return 0;
+ } else tmpval = NULL;
+ /* Parameter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+ if(!mparam) return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_MIME_PARAM_push(mhdr->params, mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b)
+{
+ return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b)
+{
+ return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_MIME_HEADER_find(hdrs, &htmp);
+ if(idx < 0) return NULL;
+ return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_MIME_PARAM_find(hdr->params, ¶m);
+ if(idx < 0) return NULL;
+ return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if(hdr->name) OPENSSL_free(hdr->name);
+ if(hdr->value) OPENSSL_free(hdr->value);
+ if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+ OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if(param->param_name) OPENSSL_free(param->param_name);
+ if(param->param_value) OPENSSL_free(param->param_value);
+ OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if(linelen == -1) linelen = strlen(line);
+ if(blen == -1) blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if(blen + 2 > linelen) return 0;
+ /* Check for part boundary */
+ if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if(!strncmp(line + blen + 2, "--", 2)) return 2;
+ else return 1;
+ }
+ return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+ {
+ int len = *plen;
+ char *p, c;
+ int is_eol = 0;
+ p = linebuf + len - 1;
+ for (p = linebuf + len - 1; len > 0; len--, p--)
+ {
+ c = *p;
+ if (c == '\n')
+ is_eol = 1;
+ else if (c != '\r')
+ break;
+ }
+ *plen = len;
+ return is_eol;
+ }
return;
}
i = asn1_get_choice_selector(pval, it);
- if (asn1_cb)
- asn1_cb(ASN1_OP_FREE_PRE, pval, it);
if ((i >= 0) && (i < it->tcount))
{
ASN1_VALUE **pchval;
ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
} ASN1_SEQUENCE_END(X509_ALGOR)
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
IMPLEMENT_STACK_OF(X509_ALGOR)
IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+ {
+ if (!alg)
+ return 0;
+ if (ptype != V_ASN1_UNDEF)
+ {
+ if (alg->parameter == NULL)
+ alg->parameter = ASN1_TYPE_new();
+ if (alg->parameter == NULL)
+ return 0;
+ }
+ if (alg)
+ {
+ if (alg->algorithm)
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = aobj;
+ }
+ if (ptype == 0)
+ return 1;
+ if (ptype == V_ASN1_UNDEF)
+ {
+ if (alg->parameter)
+ {
+ ASN1_TYPE_free(alg->parameter);
+ alg->parameter = NULL;
+ }
+ }
+ else
+ ASN1_TYPE_set(alg->parameter, ptype, pval);
+ return 1;
+ }
+
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+ X509_ALGOR *algor)
+ {
+ if (paobj)
+ *paobj = algor->algorithm;
+ if (pptype)
+ {
+ if (algor->parameter == NULL)
+ {
+ *pptype = V_ASN1_UNDEF;
+ return;
+ }
+ else
+ *pptype = algor->parameter->type;
+ if (ppval)
+ *ppval = algor->parameter->value.ptr;
+ }
+ }
+
#include <string.h>
#include <openssl/blowfish.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "bf_locl.h"
#include "bf_pi.h"
#include "cryptlib.h"
#include <openssl/bio.h>
#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include "netdb.h"
+#include <netdb.h>
+#if defined(NETWARE_CLIB)
+#include <sys/ioctl.h>
+NETDB_DEFINE_CONTEXT
+#endif
#endif
#ifndef OPENSSL_NO_SOCK
/* Note: under VMS with SOCKETSHR, it seems like the first
* parameter is 'char *', instead of 'const char *'
*/
- s=getservbyname(
#ifndef CONST_STRICT
- (char *)
+ s=getservbyname((char *)str,"tcp");
+#else
+ s=getservbyname(str,"tcp");
#endif
- str,"tcp");
if(s != NULL)
*port_ptr=ntohs((unsigned short)s->s_port);
CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
#if 1
/* Caching gethostbyname() results forever is wrong,
* so we have to let the true gethostbyname() worry about this */
+#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
+ return gethostbyname((char*)name);
+#else
return gethostbyname(name);
+#endif
#else
struct hostent *ret;
int i,lowi=0,j;
/* Note: under VMS with SOCKETSHR, it seems like the first
* parameter is 'char *', instead of 'const char *'
*/
- ret=gethostbyname(
# ifndef CONST_STRICT
- (char *)
+ ret=gethostbyname((char *)name);
+# else
+ ret=gethostbyname(name);
# endif
- name);
if (ret == NULL)
goto end;
#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */
#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */
#define BIO_TYPE_DGRAM (21|0x0400|0x0100)
+#define BIO_TYPE_COMP (23|0x0200) /* filter */
#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
#define BIO_TYPE_FILTER 0x0200
clear_socket_error();
if ( data->connected )
- ret=send(b->num,in,inl,0);
+ ret=writesocket(b->num,in,inl);
else
+#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+ ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
+#else
ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+#endif
BIO_clear_retry_flags(b);
if (ret <= 0)
#include "bio_lcl.h"
#include <openssl/err.h>
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+#include <nwfileio.h>
+#endif
+
#if !defined(OPENSSL_NO_STDIO)
static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
/* Under CLib there are differences in file modes
*/
if (num & BIO_FP_TEXT)
- _setmode(fd,O_TEXT);
+ setmode(fd,O_TEXT);
else
- _setmode(fd,O_BINARY);
+ setmode(fd,O_BINARY);
#elif defined(OPENSSL_SYS_MSDOS)
int fd = fileno((FILE*)ptr);
/* Set correct text/binary mode */
#!/usr/bin/env perl
+# This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl)
+# from OpenSSL 0.9.9-dev
+
+sub ::asciz
+{ my @str=unpack("C*",shift);
+ push @str,0;
+ while ($#str>15) {
+ &data_byte(@str[0..15]);
+ foreach (0..15) { shift @str; }
+ }
+ &data_byte(@str) if (@str);
+}
+
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# Integer-only code [being equipped with dedicated squaring procedure]
# gives ~40% on rsa512 sign benchmark...
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
+push(@INC,"perlasm","../../perlasm");
require "x86asm.pl";
&asm_init($ARGV[0],$0);
#include <openssl/cast.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "cast_lcl.h"
#include "cast_s.h"
--- /dev/null
+#
+# OpenSSL/crypto/cms/Makefile
+#
+
+DIR= cms
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+ cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
+ cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= cms.h
+HEADER= cms_lcl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_asn1.o: ../../include/openssl/opensslconf.h
+cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
+cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_err.o: cms_err.c
+cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_io.o: cms_io.c cms_lcl.h
+cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_lib.o: cms_lcl.h cms_lib.c
+cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c
+cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_smime.o: ../../include/openssl/objects.h
+cms_smime.o: ../../include/openssl/opensslconf.h
+cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
--- /dev/null
+/* crypto/cms/cms.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#ifndef HEADER_CMS_H
+#define HEADER_CMS_H
+
+#include <openssl/x509.h>
+
+#ifdef OPENSSL_NO_CMS
+#error CMS is disabled.
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+
+DECLARE_STACK_OF(CMS_SignerInfo)
+DECLARE_STACK_OF(GENERAL_NAMES)
+DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL 0
+#define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+#define CMS_RECIPINFO_TRANS 0
+#define CMS_RECIPINFO_AGREE 1
+#define CMS_RECIPINFO_KEK 2
+#define CMS_RECIPINFO_PASS 3
+#define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+#define CMS_TEXT 0x1
+#define CMS_NOCERTS 0x2
+#define CMS_NO_CONTENT_VERIFY 0x4
+#define CMS_NO_ATTR_VERIFY 0x8
+#define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+#define CMS_NOINTERN 0x10
+#define CMS_NO_SIGNER_CERT_VERIFY 0x20
+#define CMS_NOVERIFY 0x20
+#define CMS_DETACHED 0x40
+#define CMS_BINARY 0x80
+#define CMS_NOATTR 0x100
+#define CMS_NOSMIMECAP 0x200
+#define CMS_NOOLDMIMETYPE 0x400
+#define CMS_CRLFEOL 0x800
+#define CMS_STREAM 0x1000
+#define CMS_NOCRL 0x2000
+#define CMS_PARTIAL 0x4000
+#define CMS_REUSE_DIGEST 0x8000
+#define CMS_USE_KEYID 0x10000
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+#ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+#endif
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs,
+ unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen,
+ unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out,
+ unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+ X509_ALGOR **pdig, X509_ALGOR **psig);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+#ifdef HEADER_X509V3_H
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES) *receiptList,
+ STACK_OF(GENERAL_NAMES) *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CMS_strings(void);
+
+/* Error codes for the CMS functions. */
+
+/* Function codes. */
+#define CMS_F_CHECK_CONTENT 99
+#define CMS_F_CMS_ADD0_CERT 164
+#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
+#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
+#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
+#define CMS_F_CMS_ADD1_SIGNER 102
+#define CMS_F_CMS_ADD1_SIGNINGTIME 103
+#define CMS_F_CMS_COMPRESS 104
+#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
+#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
+#define CMS_F_CMS_COPY_CONTENT 107
+#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
+#define CMS_F_CMS_DATA 109
+#define CMS_F_CMS_DATAFINAL 110
+#define CMS_F_CMS_DATAINIT 111
+#define CMS_F_CMS_DECRYPT 112
+#define CMS_F_CMS_DECRYPT_SET1_KEY 113
+#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
+#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
+#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
+#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
+#define CMS_F_CMS_DIGEST_VERIFY 118
+#define CMS_F_CMS_ENCODE_RECEIPT 161
+#define CMS_F_CMS_ENCRYPT 119
+#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
+#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
+#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
+#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
+#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
+#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
+#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
+#define CMS_F_CMS_FINAL 127
+#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
+#define CMS_F_CMS_GET0_CONTENT 129
+#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
+#define CMS_F_CMS_GET0_ENVELOPED 131
+#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
+#define CMS_F_CMS_GET0_SIGNED 133
+#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
+#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
+#define CMS_F_CMS_RECEIPT_VERIFY 160
+#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
+#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
+#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
+#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
+#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
+#define CMS_F_CMS_SET_DETACHED 147
+#define CMS_F_CMS_SIGN 148
+#define CMS_F_CMS_SIGNED_DATA_INIT 149
+#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
+#define CMS_F_CMS_SIGNERINFO_SIGN 151
+#define CMS_F_CMS_SIGNERINFO_VERIFY 152
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
+#define CMS_F_CMS_SIGN_RECEIPT 163
+#define CMS_F_CMS_STREAM 155
+#define CMS_F_CMS_UNCOMPRESS 156
+#define CMS_F_CMS_VERIFY 157
+
+/* Reason codes. */
+#define CMS_R_ADD_SIGNER_ERROR 99
+#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
+#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
+#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
+#define CMS_R_CIPHER_INITIALISATION_ERROR 101
+#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
+#define CMS_R_CMS_DATAFINAL_ERROR 103
+#define CMS_R_CMS_LIB 104
+#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
+#define CMS_R_CONTENT_NOT_FOUND 105
+#define CMS_R_CONTENT_TYPE_MISMATCH 171
+#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
+#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
+#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
+#define CMS_R_CONTENT_VERIFY_ERROR 109
+#define CMS_R_CTRL_ERROR 110
+#define CMS_R_CTRL_FAILURE 111
+#define CMS_R_DECRYPT_ERROR 112
+#define CMS_R_DIGEST_ERROR 161
+#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
+#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
+#define CMS_R_ERROR_SETTING_KEY 115
+#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
+#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
+#define CMS_R_INVALID_KEY_LENGTH 118
+#define CMS_R_MD_BIO_INIT_ERROR 119
+#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
+#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
+#define CMS_R_MSGSIGDIGEST_ERROR 172
+#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
+#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
+#define CMS_R_NEED_ONE_SIGNER 164
+#define CMS_R_NOT_A_SIGNED_RECEIPT 165
+#define CMS_R_NOT_ENCRYPTED_DATA 122
+#define CMS_R_NOT_KEK 123
+#define CMS_R_NOT_KEY_TRANSPORT 124
+#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
+#define CMS_R_NO_CIPHER 126
+#define CMS_R_NO_CONTENT 127
+#define CMS_R_NO_CONTENT_TYPE 173
+#define CMS_R_NO_DEFAULT_DIGEST 128
+#define CMS_R_NO_DIGEST_SET 129
+#define CMS_R_NO_KEY 130
+#define CMS_R_NO_KEY_OR_CERT 174
+#define CMS_R_NO_MATCHING_DIGEST 131
+#define CMS_R_NO_MATCHING_RECIPIENT 132
+#define CMS_R_NO_MATCHING_SIGNATURE 166
+#define CMS_R_NO_MSGSIGDIGEST 167
+#define CMS_R_NO_PRIVATE_KEY 133
+#define CMS_R_NO_PUBLIC_KEY 134
+#define CMS_R_NO_RECEIPT_REQUEST 168
+#define CMS_R_NO_SIGNERS 135
+#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
+#define CMS_R_RECEIPT_DECODE_ERROR 169
+#define CMS_R_RECIPIENT_ERROR 137
+#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
+#define CMS_R_SIGNFINAL_ERROR 139
+#define CMS_R_SMIME_TEXT_ERROR 140
+#define CMS_R_STORE_INIT_ERROR 141
+#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
+#define CMS_R_TYPE_NOT_DATA 143
+#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
+#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
+#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
+#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
+#define CMS_R_UNKNOWN_CIPHER 148
+#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
+#define CMS_R_UNKNOWN_ID 150
+#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
+#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
+#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
+#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
+#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
+#define CMS_R_UNSUPPORTED_TYPE 156
+#define CMS_R_UNWRAP_ERROR 157
+#define CMS_R_VERIFICATION_FAILURE 158
+#define CMS_R_WRAP_ERROR 159
+
+#ifdef __cplusplus
+}
+#endif
+#endif
--- /dev/null
+/* crypto/cms/cms_asn1.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+ ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+ ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+ ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+ ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+ ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+ ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+ ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+ ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+ ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+ ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+ ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+ ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ if(operation == ASN1_OP_FREE_POST)
+ {
+ CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+ if (si->pkey)
+ EVP_PKEY_free(si->pkey);
+ if (si->signer)
+ X509_free(si->signer);
+ }
+ return 1;
+ }
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+ ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+ ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+ ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+ ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+ ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+ ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+ ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+ ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+ ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+ ASN1_SIMPLE(CMS_SignedData, version, LONG),
+ ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+ ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+ ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+ ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+ ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+ ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+ ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+ ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+ ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+ ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+ ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+ ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
+ ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+ ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+ ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+ ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+ ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+ ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+ ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+ ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+ ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+ ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+ ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+ ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+ ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+ {
+ if(operation == ASN1_OP_FREE_PRE)
+ {
+ CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
+ if (ri->type == CMS_RECIPINFO_TRANS)
+ {
+ CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+ if (ktri->pkey)
+ EVP_PKEY_free(ktri->pkey);
+ if (ktri->recip)
+ X509_free(ktri->recip);
+ }
+ else if (ri->type == CMS_RECIPINFO_KEK)
+ {
+ CMS_KEKRecipientInfo *kekri = ri->d.kekri;
+ if (kekri->key)
+ {
+ OPENSSL_cleanse(kekri->key, kekri->keylen);
+ OPENSSL_free(kekri->key);
+ }
+ }
+ }
+ return 1;
+ }
+
+ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
+ ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+ ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+ ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+ ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+ ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+ ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+ ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+ ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+ ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+ ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+ ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+ ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+ ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+ ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+ ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+ ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+ ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+ ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+ ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+ ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+ ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+ ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+ ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+ ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+ ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+ ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+ ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+ ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+ ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+ ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+ ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
+ ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/* When verifying attributes we need to use the received order. So
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+ V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
+
+
+ASN1_CHOICE(CMS_ReceiptsFrom) = {
+ ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+ ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+} ASN1_CHOICE_END(CMS_ReceiptsFrom)
+
+ASN1_SEQUENCE(CMS_ReceiptRequest) = {
+ ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+ ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
+
+ASN1_SEQUENCE(CMS_Receipt) = {
+ ASN1_SIMPLE(CMS_Receipt, version, LONG),
+ ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+ ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_Receipt)
+
--- /dev/null
+/* crypto/cms/cms_att.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+ return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos)
+{
+ return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+ return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+ return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+ if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
+ return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len)
+{
+ if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len)
+{
+ if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len)
+{
+ if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type)
+{
+ return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+ return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos)
+{
+ return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+ return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+ return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+ if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
+ return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len)
+{
+ if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len)
+{
+ if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len)
+{
+ if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+ type, bytes, len)) return 1;
+ return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type)
+{
+ return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/* Specific attribute cases */
--- /dev/null
+/* crypto/cms/cms_cd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+ {
+ CMS_ContentInfo *cms;
+ CMS_CompressedData *cd;
+ /* Will need something cleverer if there is ever more than one
+ * compression algorithm or parameters have some meaning...
+ */
+ if (comp_nid != NID_zlib_compression)
+ {
+ CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+ CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return NULL;
+ }
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ return NULL;
+
+ cd = M_ASN1_new_of(CMS_CompressedData);
+
+ if (!cd)
+ goto err;
+
+ cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+ cms->d.compressedData = cd;
+
+ cd->version = 0;
+
+ X509_ALGOR_set0(cd->compressionAlgorithm,
+ OBJ_nid2obj(NID_zlib_compression),
+ V_ASN1_UNDEF, NULL);
+
+ cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+ return cms;
+
+ err:
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ return NULL;
+ }
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+ {
+ CMS_CompressedData *cd;
+ ASN1_OBJECT *compoid;
+ if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
+ {
+ CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+ CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+ return NULL;
+ }
+ cd = cms->d.compressedData;
+ X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+ if (OBJ_obj2nid(compoid) != NID_zlib_compression)
+ {
+ CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+ CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return NULL;
+ }
+ return BIO_new(BIO_f_zlib());
+ }
+
+#endif
--- /dev/null
+/* crypto/cms/cms_dd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+ {
+ CMS_ContentInfo *cms;
+ CMS_DigestedData *dd;
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ return NULL;
+
+ dd = M_ASN1_new_of(CMS_DigestedData);
+
+ if (!dd)
+ goto err;
+
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+ cms->d.digestedData = dd;
+
+ dd->version = 0;
+ dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+ cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
+
+ return cms;
+
+ err:
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ return NULL;
+ }
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+ {
+ CMS_DigestedData *dd;
+ dd = cms->d.digestedData;
+ return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+ }
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+ {
+ EVP_MD_CTX mctx;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen;
+ int r = 0;
+ CMS_DigestedData *dd;
+ EVP_MD_CTX_init(&mctx);
+
+ dd = cms->d.digestedData;
+
+ if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+ goto err;
+
+ if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+ goto err;
+
+ if (verify)
+ {
+ if (mdlen != (unsigned int)dd->digest->length)
+ {
+ CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+ CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+ goto err;
+ }
+
+ if (memcmp(md, dd->digest->data, mdlen))
+ CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+ CMS_R_VERIFICATION_FAILURE);
+ else
+ r = 1;
+ }
+ else
+ {
+ if (!ASN1_STRING_set(dd->digest, md, mdlen))
+ goto err;
+ r = 1;
+ }
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+
+ return r;
+
+ }
--- /dev/null
+/* crypto/cms/cms_enc.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+
+/* CMS EncryptedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+ {
+ BIO *b;
+ EVP_CIPHER_CTX *ctx;
+ const EVP_CIPHER *ciph;
+ X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+ unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+
+ int ok = 0;
+
+ int enc, keep_key = 0;
+
+ enc = ec->cipher ? 1 : 0;
+
+ b = BIO_new(BIO_f_cipher());
+ if (!b)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ BIO_get_cipher_ctx(b, &ctx);
+
+ if (enc)
+ {
+ ciph = ec->cipher;
+ /* If not keeping key set cipher to NULL so subsequent calls
+ * decrypt.
+ */
+ if (ec->key)
+ ec->cipher = NULL;
+ }
+ else
+ {
+ ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+ if (!ciph)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_UNKNOWN_CIPHER);
+ goto err;
+ }
+ }
+
+ if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_INITIALISATION_ERROR);
+ goto err;
+ }
+
+ if (enc)
+ {
+ int ivlen;
+ calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+ /* Generate a random IV if we need one */
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (ivlen > 0)
+ {
+ if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ goto err;
+ piv = iv;
+ }
+ }
+ else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+
+
+ if (enc && !ec->key)
+ {
+ /* Generate random key */
+ if (!ec->keylen)
+ ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
+ ec->key = OPENSSL_malloc(ec->keylen);
+ if (!ec->key)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+ goto err;
+ keep_key = 1;
+ }
+ else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+ {
+ /* If necessary set key length */
+ if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+ }
+
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_INITIALISATION_ERROR);
+ goto err;
+ }
+
+ if (piv)
+ {
+ calg->parameter = ASN1_TYPE_new();
+ if (!calg->parameter)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+ }
+ ok = 1;
+
+ err:
+ if (ec->key && !keep_key)
+ {
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ }
+ if (ok)
+ return b;
+ BIO_free(b);
+ return NULL;
+ }
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+ const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen)
+ {
+ ec->cipher = cipher;
+ if (key)
+ {
+ ec->key = OPENSSL_malloc(keylen);
+ if (!ec->key)
+ return 0;
+ memcpy(ec->key, key, keylen);
+ }
+ ec->keylen = keylen;
+ if (cipher)
+ ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+ return 1;
+ }
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen)
+ {
+ CMS_EncryptedContentInfo *ec;
+ if (!key || !keylen)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+ return 0;
+ }
+ if (ciph)
+ {
+ cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+ if (!cms->d.encryptedData)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+ cms->d.encryptedData->version = 0;
+ }
+ else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
+ CMS_R_NOT_ENCRYPTED_DATA);
+ return 0;
+ }
+ ec = cms->d.encryptedData->encryptedContentInfo;
+ return cms_EncryptedContent_init(ec, ciph, key, keylen);
+ }
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+ {
+ CMS_EncryptedData *enc = cms->d.encryptedData;
+ if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+ enc->version = 2;
+ return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+ }
--- /dev/null
+/* crypto/cms/cms_env.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+
+/* CMS EnvelopedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+
+DECLARE_STACK_OF(CMS_RecipientInfo)
+
+static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+ {
+ if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
+ {
+ CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+ CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+ return NULL;
+ }
+ return cms->d.envelopedData;
+ }
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+ {
+ if (cms->d.other == NULL)
+ {
+ cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+ if (!cms->d.envelopedData)
+ {
+ CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ cms->d.envelopedData->version = 0;
+ cms->d.envelopedData->encryptedContentInfo->contentType =
+ OBJ_nid2obj(NID_pkcs7_data);
+ ASN1_OBJECT_free(cms->contentType);
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+ return cms->d.envelopedData;
+ }
+ return cms_get0_enveloped(cms);
+ }
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+ {
+ CMS_EnvelopedData *env;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ return NULL;
+ return env->recipientInfos;
+ }
+
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+ {
+ return ri->type;
+ }
+
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+ {
+ CMS_ContentInfo *cms;
+ CMS_EnvelopedData *env;
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ goto merr;
+ env = cms_enveloped_data_init(cms);
+ if (!env)
+ goto merr;
+ if (!cms_EncryptedContent_init(env->encryptedContentInfo,
+ cipher, NULL, 0))
+ goto merr;
+ return cms;
+ merr:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+/* Key Transport Recipient Info (KTRI) routines */
+
+/* Add a recipient certificate. For now only handle key transport.
+ * If we ever handle key agreement will need updating.
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags)
+ {
+ CMS_RecipientInfo *ri = NULL;
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_EnvelopedData *env;
+ EVP_PKEY *pk = NULL;
+ int type;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ goto err;
+
+ /* Initialize recipient info */
+ ri = M_ASN1_new_of(CMS_RecipientInfo);
+ if (!ri)
+ goto merr;
+
+ /* Initialize and add key transport recipient info */
+
+ ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+ if (!ri->d.ktri)
+ goto merr;
+ ri->type = CMS_RECIPINFO_TRANS;
+
+ ktri = ri->d.ktri;
+
+ X509_check_purpose(recip, -1, -1);
+ pk = X509_get_pubkey(recip);
+ if (!pk)
+ {
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+ CMS_R_ERROR_GETTING_PUBLIC_KEY);
+ goto err;
+ }
+ CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
+ ktri->pkey = pk;
+ ktri->recip = recip;
+
+ if (flags & CMS_USE_KEYID)
+ {
+ ktri->version = 2;
+ type = CMS_RECIPINFO_KEYIDENTIFIER;
+ }
+ else
+ {
+ ktri->version = 0;
+ type = CMS_RECIPINFO_ISSUER_SERIAL;
+ }
+
+ /* Not a typo: RecipientIdentifier and SignerIdentifier are the
+ * same structure.
+ */
+
+ if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
+ goto err;
+
+ /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
+ * hard code algorithm parameters.
+ */
+
+ if (pk->type == EVP_PKEY_RSA)
+ {
+ X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
+ OBJ_nid2obj(NID_rsaEncryption),
+ V_ASN1_NULL, 0);
+ }
+ else
+ {
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+
+ if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+ goto merr;
+
+ return ri;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+ err:
+ if (ri)
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
+ return NULL;
+
+ }
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg)
+ {
+ CMS_KeyTransRecipientInfo *ktri;
+ if (ri->type != CMS_RECIPINFO_TRANS)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+
+ ktri = ri->d.ktri;
+
+ if (pk)
+ *pk = ktri->pkey;
+ if (recip)
+ *recip = ktri->recip;
+ if (palg)
+ *palg = ktri->keyEncryptionAlgorithm;
+ return 1;
+ }
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno)
+ {
+ CMS_KeyTransRecipientInfo *ktri;
+ if (ri->type != CMS_RECIPINFO_TRANS)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ktri = ri->d.ktri;
+
+ return cms_SignerIdentifier_get0_signer_id(ktri->rid,
+ keyid, issuer, sno);
+ }
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+ {
+ if (ri->type != CMS_RECIPINFO_TRANS)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return -2;
+ }
+ return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+ }
+
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+ {
+ if (ri->type != CMS_RECIPINFO_TRANS)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ri->d.ktri->pkey = pkey;
+ return 1;
+ }
+
+/* Encrypt content key in key transport recipient info */
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+ {
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_EncryptedContentInfo *ec;
+ unsigned char *ek = NULL;
+ int eklen;
+
+ int ret = 0;
+
+ if (ri->type != CMS_RECIPINFO_TRANS)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ktri = ri->d.ktri;
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ eklen = EVP_PKEY_size(ktri->pkey);
+
+ ek = OPENSSL_malloc(eklen);
+
+ if (ek == NULL)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
+
+ if (eklen <= 0)
+ goto err;
+
+ ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+ ek = NULL;
+
+ ret = 1;
+
+ err:
+ if (ek)
+ OPENSSL_free(ek);
+ return ret;
+
+ }
+
+/* Decrypt content key from KTRI */
+
+static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+ {
+ CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+ unsigned char *ek = NULL;
+ int eklen;
+ int ret = 0;
+
+ if (ktri->pkey == NULL)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
+ CMS_R_NO_PRIVATE_KEY);
+ return 0;
+ }
+
+ eklen = EVP_PKEY_size(ktri->pkey);
+
+ ek = OPENSSL_malloc(eklen);
+
+ if (ek == NULL)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ eklen = EVP_PKEY_decrypt(ek,
+ ktri->encryptedKey->data,
+ ktri->encryptedKey->length, ktri->pkey);
+ if (eklen <= 0)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
+ goto err;
+ }
+
+ ret = 1;
+
+ cms->d.envelopedData->encryptedContentInfo->key = ek;
+ cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
+
+ err:
+ if (!ret && ek)
+ OPENSSL_free(ek);
+
+ return ret;
+ }
+
+/* Key Encrypted Key (KEK) RecipientInfo routines */
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen)
+ {
+ ASN1_OCTET_STRING tmp_os;
+ CMS_KEKRecipientInfo *kekri;
+ if (ri->type != CMS_RECIPINFO_KEK)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
+ return -2;
+ }
+ kekri = ri->d.kekri;
+ tmp_os.type = V_ASN1_OCTET_STRING;
+ tmp_os.flags = 0;
+ tmp_os.data = (unsigned char *)id;
+ tmp_os.length = (int)idlen;
+ return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
+ }
+
+/* For now hard code AES key wrap info */
+
+static size_t aes_wrap_keylen(int nid)
+ {
+ switch (nid)
+ {
+ case NID_id_aes128_wrap:
+ return 16;
+
+ case NID_id_aes192_wrap:
+ return 24;
+
+ case NID_id_aes256_wrap:
+ return 32;
+
+ default:
+ return 0;
+ }
+ }
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType)
+ {
+ CMS_RecipientInfo *ri = NULL;
+ CMS_EnvelopedData *env;
+ CMS_KEKRecipientInfo *kekri;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ goto err;
+
+ if (nid == NID_undef)
+ {
+ switch (keylen)
+ {
+ case 16:
+ nid = NID_id_aes128_wrap;
+ break;
+
+ case 24:
+ nid = NID_id_aes192_wrap;
+ break;
+
+ case 32:
+ nid = NID_id_aes256_wrap;
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+ CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+
+ }
+ else
+ {
+
+ size_t exp_keylen = aes_wrap_keylen(nid);
+
+ if (!exp_keylen)
+ {
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+ CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+ goto err;
+ }
+
+ if (keylen != exp_keylen)
+ {
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+ CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+
+ }
+
+ /* Initialize recipient info */
+ ri = M_ASN1_new_of(CMS_RecipientInfo);
+ if (!ri)
+ goto merr;
+
+ ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+ if (!ri->d.kekri)
+ goto merr;
+ ri->type = CMS_RECIPINFO_KEK;
+
+ kekri = ri->d.kekri;
+
+ if (otherTypeId)
+ {
+ kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+ if (kekri->kekid->other == NULL)
+ goto merr;
+ }
+
+ if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+ goto merr;
+
+
+ /* After this point no calls can fail */
+
+ kekri->version = 4;
+
+ kekri->key = key;
+ kekri->keylen = keylen;
+
+ ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+ kekri->kekid->date = date;
+
+ if (kekri->kekid->other)
+ {
+ kekri->kekid->other->keyAttrId = otherTypeId;
+ kekri->kekid->other->keyAttr = otherType;
+ }
+
+ X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+ OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+ return ri;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+ err:
+ if (ri)
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
+ return NULL;
+
+ }
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype)
+ {
+ CMS_KEKIdentifier *rkid;
+ if (ri->type != CMS_RECIPINFO_KEK)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+ return 0;
+ }
+ rkid = ri->d.kekri->kekid;
+ if (palg)
+ *palg = ri->d.kekri->keyEncryptionAlgorithm;
+ if (pid)
+ *pid = rkid->keyIdentifier;
+ if (pdate)
+ *pdate = rkid->date;
+ if (potherid)
+ {
+ if (rkid->other)
+ *potherid = rkid->other->keyAttrId;
+ else
+ *potherid = NULL;
+ }
+ if (pothertype)
+ {
+ if (rkid->other)
+ *pothertype = rkid->other->keyAttr;
+ else
+ *pothertype = NULL;
+ }
+ return 1;
+ }
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen)
+ {
+ CMS_KEKRecipientInfo *kekri;
+ if (ri->type != CMS_RECIPINFO_KEK)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
+ return 0;
+ }
+
+ kekri = ri->d.kekri;
+ kekri->key = key;
+ kekri->keylen = keylen;
+ return 1;
+ }
+
+
+/* Encrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+ {
+ CMS_EncryptedContentInfo *ec;
+ CMS_KEKRecipientInfo *kekri;
+ AES_KEY actx;
+ unsigned char *wkey = NULL;
+ int wkeylen;
+ int r = 0;
+
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ kekri = ri->d.kekri;
+
+ if (!kekri->key)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
+ return 0;
+ }
+
+ if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+ CMS_R_ERROR_SETTING_KEY);
+ goto err;
+ }
+
+ wkey = OPENSSL_malloc(ec->keylen + 8);
+
+ if (!wkey)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
+
+ if (wkeylen <= 0)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
+ goto err;
+ }
+
+ ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
+
+ r = 1;
+
+ err:
+
+ if (!r && wkey)
+ OPENSSL_free(wkey);
+ OPENSSL_cleanse(&actx, sizeof(actx));
+
+ return r;
+
+ }
+
+/* Decrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+ {
+ CMS_EncryptedContentInfo *ec;
+ CMS_KEKRecipientInfo *kekri;
+ AES_KEY actx;
+ unsigned char *ukey = NULL;
+ int ukeylen;
+ int r = 0, wrap_nid;
+
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ kekri = ri->d.kekri;
+
+ if (!kekri->key)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
+ return 0;
+ }
+
+ wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
+ if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+
+ /* If encrypted key length is invalid don't bother */
+
+ if (kekri->encryptedKey->length < 16)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+ goto err;
+ }
+
+ if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_ERROR_SETTING_KEY);
+ goto err;
+ }
+
+ ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
+
+ if (!ukey)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ukeylen = AES_unwrap_key(&actx, NULL, ukey,
+ kekri->encryptedKey->data,
+ kekri->encryptedKey->length);
+
+ if (ukeylen <= 0)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_UNWRAP_ERROR);
+ goto err;
+ }
+
+ ec->key = ukey;
+ ec->keylen = ukeylen;
+
+ r = 1;
+
+ err:
+
+ if (!r && ukey)
+ OPENSSL_free(ukey);
+ OPENSSL_cleanse(&actx, sizeof(actx));
+
+ return r;
+
+ }
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+ {
+ switch(ri->type)
+ {
+ case CMS_RECIPINFO_TRANS:
+ return cms_RecipientInfo_ktri_decrypt(cms, ri);
+
+ case CMS_RECIPINFO_KEK:
+ return cms_RecipientInfo_kekri_decrypt(cms, ri);
+
+ default:
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
+ CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+ return 0;
+ }
+ }
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+ {
+ CMS_EncryptedContentInfo *ec;
+ STACK_OF(CMS_RecipientInfo) *rinfos;
+ CMS_RecipientInfo *ri;
+ int i, r, ok = 0;
+ BIO *ret;
+
+ /* Get BIO first to set up key */
+
+ ec = cms->d.envelopedData->encryptedContentInfo;
+ ret = cms_EncryptedContent_init_bio(ec);
+
+ /* If error or no cipher end of processing */
+
+ if (!ret || !ec->cipher)
+ return ret;
+
+ /* Now encrypt content key according to each RecipientInfo type */
+
+ rinfos = cms->d.envelopedData->recipientInfos;
+
+ for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
+ {
+ ri = sk_CMS_RecipientInfo_value(rinfos, i);
+
+ switch (ri->type)
+ {
+ case CMS_RECIPINFO_TRANS:
+ r = cms_RecipientInfo_ktri_encrypt(cms, ri);
+ break;
+
+ case CMS_RECIPINFO_KEK:
+ r = cms_RecipientInfo_kekri_encrypt(cms, ri);
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+ CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+ goto err;
+ }
+
+ if (r <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+ CMS_R_ERROR_SETTING_RECIPIENTINFO);
+ goto err;
+ }
+ }
+
+ ok = 1;
+
+ err:
+ ec->cipher = NULL;
+ if (ec->key)
+ {
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ ec->keylen = 0;
+ }
+ if (ok)
+ return ret;
+ BIO_free(ret);
+ return NULL;
+
+ }
--- /dev/null
+/* crypto/cms/cms_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
+
+static ERR_STRING_DATA CMS_str_functs[]=
+ {
+{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
+{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
+{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
+{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
+{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
+{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
+{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
+{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
+{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
+{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
+{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
+{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
+{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
+{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
+{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
+{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
+{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
+{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
+{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
+{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
+{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
+{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
+{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
+{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
+{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
+{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
+{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
+{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
+{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
+{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
+{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
+{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
+{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
+{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
+{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"},
+{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
+{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA CMS_str_reasons[]=
+ {
+{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"},
+{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
+{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
+{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
+{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
+{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"},
+{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"},
+{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
+{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
+{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"},
+{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"},
+{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"},
+{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"},
+{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"},
+{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
+{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
+{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"},
+{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
+{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
+{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
+{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"},
+{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
+{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
+{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"},
+{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
+{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
+{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"},
+{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"},
+{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"},
+{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"},
+{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"},
+{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
+{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"},
+{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"},
+{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"},
+{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"},
+{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"},
+{ERR_REASON(CMS_R_NO_KEY) ,"no key"},
+{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"},
+{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"},
+{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
+{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
+{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"},
+{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"},
+{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"},
+{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"},
+{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"},
+{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"},
+{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"},
+{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"},
+{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"},
+{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"},
+{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
+{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"},
+{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
+{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
+{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
+{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
+{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"},
+{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
+{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"},
+{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
+{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"},
+{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"},
+{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"},
+{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_CMS_strings(void)
+ {
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
+ {
+ ERR_load_strings(0,CMS_str_functs);
+ ERR_load_strings(0,CMS_str_reasons);
+ }
+#endif
+ }
--- /dev/null
+/* crypto/cms/cms_ess.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+ {
+ ASN1_STRING *str;
+ CMS_ReceiptRequest *rr = NULL;
+ if (prr)
+ *prr = NULL;
+ str = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
+ -3, V_ASN1_SEQUENCE);
+ if (!str)
+ return 0;
+
+ rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+ if (!rr)
+ return -1;
+ if (prr)
+ *prr = rr;
+ else
+ CMS_ReceiptRequest_free(rr);
+ return 1;
+ }
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES) *receiptList,
+ STACK_OF(GENERAL_NAMES) *receiptsTo)
+ {
+ CMS_ReceiptRequest *rr = NULL;
+
+ rr = CMS_ReceiptRequest_new();
+ if (!rr)
+ goto merr;
+ if (id)
+ ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+ else
+ {
+ if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+ goto merr;
+ if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
+ <= 0)
+ goto err;
+ }
+
+ sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+ rr->receiptsTo = receiptsTo;
+
+ if (receiptList)
+ {
+ rr->receiptsFrom->type = 1;
+ rr->receiptsFrom->d.receiptList = receiptList;
+ }
+ else
+ {
+ rr->receiptsFrom->type = 0;
+ rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+ }
+
+ return rr;
+
+ merr:
+ CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+ err:
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+
+ return NULL;
+
+ }
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+ {
+ unsigned char *rrder = NULL;
+ int rrderlen, r = 0;
+
+ rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+ if (rrderlen < 0)
+ goto merr;
+
+ if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+ V_ASN1_SEQUENCE, rrder, rrderlen))
+ goto merr;
+
+ r = 1;
+
+ merr:
+ if (!r)
+ CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+ if (rrder)
+ OPENSSL_free(rrder);
+
+ return r;
+
+ }
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto)
+ {
+ if (pcid)
+ *pcid = rr->signedContentIdentifier;
+ if (rr->receiptsFrom->type == 0)
+ {
+ if (pallorfirst)
+ *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+ if (plist)
+ *plist = NULL;
+ }
+ else
+ {
+ if (pallorfirst)
+ *pallorfirst = -1;
+ if (plist)
+ *plist = rr->receiptsFrom->d.receiptList;
+ }
+ if (prto)
+ *prto = rr->receiptsTo;
+ }
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+ unsigned char *dig, unsigned int *diglen)
+ {
+ const EVP_MD *md;
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL)
+ return 0;
+ if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+ si->signedAttrs, dig, diglen))
+ return 0;
+ return 1;
+ }
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+ {
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int diglen;
+ if (!cms_msgSigDigest(src, dig, &diglen))
+ {
+ CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+ return 0;
+ }
+ if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+ V_ASN1_OCTET_STRING, dig, diglen))
+ {
+ CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+ }
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+ {
+ int r = 0, i;
+ CMS_ReceiptRequest *rr = NULL;
+ CMS_Receipt *rct = NULL;
+ STACK_OF(CMS_SignerInfo) *sis, *osis;
+ CMS_SignerInfo *si, *osi = NULL;
+ ASN1_OCTET_STRING *msig, **pcont;
+ ASN1_OBJECT *octype;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int diglen;
+
+ /* Get SignerInfos, also checks SignedData content type */
+ osis = CMS_get0_SignerInfos(req_cms);
+ sis = CMS_get0_SignerInfos(cms);
+ if (!osis || !sis)
+ goto err;
+
+ if (sk_CMS_SignerInfo_num(sis) != 1)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+ goto err;
+ }
+
+ /* Check receipt content type */
+ if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+ goto err;
+ }
+
+ /* Extract and decode receipt content */
+ pcont = CMS_get0_content(cms);
+ if (!pcont || !*pcont)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+ goto err;
+ }
+
+ rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+ if (!rct)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+ goto err;
+ }
+
+ /* Locate original request */
+
+ for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
+ {
+ osi = sk_CMS_SignerInfo_value(osis, i);
+ if (!ASN1_STRING_cmp(osi->signature,
+ rct->originatorSignatureValue))
+ break;
+ }
+
+ if (i == sk_CMS_SignerInfo_num(osis))
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+ goto err;
+ }
+
+ si = sk_CMS_SignerInfo_value(sis, 0);
+
+ /* Get msgSigDigest value and compare */
+
+ msig = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
+ -3, V_ASN1_OCTET_STRING);
+
+ if (!msig)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+ goto err;
+ }
+
+ if (!cms_msgSigDigest(osi, dig, &diglen))
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+ goto err;
+ }
+
+ if (diglen != (unsigned int)msig->length)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+ CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+ goto err;
+ }
+
+ if (memcmp(dig, msig->data, diglen))
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+ CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+ goto err;
+ }
+
+ /* Compare content types */
+
+ octype = CMS_signed_get0_data_by_OBJ(osi,
+ OBJ_nid2obj(NID_pkcs9_contentType),
+ -3, V_ASN1_OBJECT);
+ if (!octype)
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+ goto err;
+ }
+
+ /* Compare details in receipt request */
+
+ if (OBJ_cmp(octype, rct->contentType))
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+ goto err;
+ }
+
+ /* Get original receipt request details */
+
+ if (!CMS_get1_ReceiptRequest(osi, &rr))
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+ goto err;
+ }
+
+ if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+ rct->signedContentIdentifier))
+ {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+ CMS_R_CONTENTIDENTIFIER_MISMATCH);
+ goto err;
+ }
+
+ r = 1;
+
+ err:
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ if (rct)
+ M_ASN1_free_of(rct, CMS_Receipt);
+
+ return r;
+
+ }
+
+/* Encode a Receipt into an OCTET STRING read for including into content of
+ * a SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+ {
+ CMS_Receipt rct;
+ CMS_ReceiptRequest *rr = NULL;
+ ASN1_OBJECT *ctype;
+ ASN1_OCTET_STRING *os = NULL;
+
+ /* Get original receipt request */
+
+ /* Get original receipt request details */
+
+ if (!CMS_get1_ReceiptRequest(si, &rr))
+ {
+ CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+ goto err;
+ }
+
+ /* Get original content type */
+
+ ctype = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj(NID_pkcs9_contentType),
+ -3, V_ASN1_OBJECT);
+ if (!ctype)
+ {
+ CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+ goto err;
+ }
+
+ rct.version = 1;
+ rct.contentType = ctype;
+ rct.signedContentIdentifier = rr->signedContentIdentifier;
+ rct.originatorSignatureValue = si->signature;
+
+ os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+ err:
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+
+ return os;
+
+ }
+
+
--- /dev/null
+/* crypto/cms/cms_io.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+ {
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+ }
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+ {
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+ }
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+/* Callback for int_smime_write_ASN1 */
+
+static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
+ {
+ CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
+ BIO *tmpbio, *cmsbio;
+ int r = 0;
+
+ if (!(flags & SMIME_DETACHED))
+ {
+ SMIME_crlf_copy(data, out, flags);
+ return 1;
+ }
+
+ /* Let CMS code prepend any needed BIOs */
+
+ cmsbio = CMS_dataInit(cms, out);
+
+ if (!cmsbio)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
+ SMIME_crlf_copy(data, cmsbio, flags);
+
+ /* Finalize structure */
+ if (CMS_dataFinal(cms, cmsbio) <= 0)
+ goto err;
+
+ r = 1;
+
+ err:
+
+ /* Now remove any digests prepended to the BIO */
+
+ while (cmsbio != out)
+ {
+ tmpbio = BIO_pop(cmsbio);
+ BIO_free(cmsbio);
+ cmsbio = tmpbio;
+ }
+
+ return 1;
+
+ }
+
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+ {
+ STACK_OF(X509_ALGOR) *mdalgs;
+ int ctype_nid = OBJ_obj2nid(cms->contentType);
+ int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+ if (ctype_nid == NID_pkcs7_signed)
+ mdalgs = cms->d.signedData->digestAlgorithms;
+ else
+ mdalgs = NULL;
+
+ return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+ ctype_nid, econt_nid, mdalgs,
+ cms_output_data,
+ ASN1_ITEM_rptr(CMS_ContentInfo));
+ }
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+ {
+ return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
+ ASN1_ITEM_rptr(CMS_ContentInfo));
+ }
--- /dev/null
+/* crypto/cms/cms_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CMS_LCL_H
+#define HEADER_CMS_LCL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/x509.h>
+
+/* Cryptographic message syntax (CMS) structures: taken
+ * from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+
+struct CMS_ContentInfo_st
+ {
+ ASN1_OBJECT *contentType;
+ union {
+ ASN1_OCTET_STRING *data;
+ CMS_SignedData *signedData;
+ CMS_EnvelopedData *envelopedData;
+ CMS_DigestedData *digestedData;
+ CMS_EncryptedData *encryptedData;
+ CMS_AuthenticatedData *authenticatedData;
+ CMS_CompressedData *compressedData;
+ ASN1_TYPE *other;
+ /* Other types ... */
+ void *otherData;
+ } d;
+ };
+
+struct CMS_SignedData_st
+ {
+ long version;
+ STACK_OF(X509_ALGOR) *digestAlgorithms;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ STACK_OF(CMS_CertificateChoices) *certificates;
+ STACK_OF(CMS_RevocationInfoChoice) *crls;
+ STACK_OF(CMS_SignerInfo) *signerInfos;
+ };
+
+struct CMS_EncapsulatedContentInfo_st
+ {
+ ASN1_OBJECT *eContentType;
+ ASN1_OCTET_STRING *eContent;
+ /* Set to 1 if incomplete structure only part set up */
+ int partial;
+ };
+
+struct CMS_SignerInfo_st
+ {
+ long version;
+ CMS_SignerIdentifier *sid;
+ X509_ALGOR *digestAlgorithm;
+ STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_OCTET_STRING *signature;
+ STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+ /* Signing certificate and key */
+ X509 *signer;
+ EVP_PKEY *pkey;
+ };
+
+struct CMS_SignerIdentifier_st
+ {
+ int type;
+ union {
+ CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+ ASN1_OCTET_STRING *subjectKeyIdentifier;
+ } d;
+ };
+
+struct CMS_EnvelopedData_st
+ {
+ long version;
+ CMS_OriginatorInfo *originatorInfo;
+ STACK_OF(CMS_RecipientInfo) *recipientInfos;
+ CMS_EncryptedContentInfo *encryptedContentInfo;
+ STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+ };
+
+struct CMS_OriginatorInfo_st
+ {
+ STACK_OF(CMS_CertificateChoices) *certificates;
+ STACK_OF(CMS_RevocationInfoChoice) *crls;
+ };
+
+struct CMS_EncryptedContentInfo_st
+ {
+ ASN1_OBJECT *contentType;
+ X509_ALGOR *contentEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedContent;
+ /* Content encryption algorithm and key */
+ const EVP_CIPHER *cipher;
+ unsigned char *key;
+ size_t keylen;
+ };
+
+struct CMS_RecipientInfo_st
+ {
+ int type;
+ union {
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_KeyAgreeRecipientInfo *kari;
+ CMS_KEKRecipientInfo *kekri;
+ CMS_PasswordRecipientInfo *pwri;
+ CMS_OtherRecipientInfo *ori;
+ } d;
+ };
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st
+ {
+ long version;
+ CMS_RecipientIdentifier *rid;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedKey;
+ /* Recipient Key and cert */
+ X509 *recip;
+ EVP_PKEY *pkey;
+ };
+
+struct CMS_KeyAgreeRecipientInfo_st
+ {
+ long version;
+ CMS_OriginatorIdentifierOrKey *originator;
+ ASN1_OCTET_STRING *ukm;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+ };
+
+struct CMS_OriginatorIdentifierOrKey_st
+ {
+ int type;
+ union {
+ CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+ ASN1_OCTET_STRING *subjectKeyIdentifier;
+ CMS_OriginatorPublicKey *originatorKey;
+ } d;
+ };
+
+struct CMS_OriginatorPublicKey_st
+ {
+ X509_ALGOR *algorithm;
+ ASN1_BIT_STRING *publicKey;
+ };
+
+struct CMS_RecipientEncryptedKey_st
+ {
+ CMS_KeyAgreeRecipientIdentifier *rid;
+ ASN1_OCTET_STRING *encryptedKey;
+ };
+
+struct CMS_KeyAgreeRecipientIdentifier_st
+ {
+ int type;
+ union {
+ CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+ CMS_RecipientKeyIdentifier *rKeyId;
+ } d;
+ };
+
+struct CMS_RecipientKeyIdentifier_st
+ {
+ ASN1_OCTET_STRING *subjectKeyIdentifier;
+ ASN1_GENERALIZEDTIME *date;
+ CMS_OtherKeyAttribute *other;
+ };
+
+struct CMS_KEKRecipientInfo_st
+ {
+ long version;
+ CMS_KEKIdentifier *kekid;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedKey;
+ /* Extra info: symmetric key to use */
+ unsigned char *key;
+ size_t keylen;
+ };
+
+struct CMS_KEKIdentifier_st
+ {
+ ASN1_OCTET_STRING *keyIdentifier;
+ ASN1_GENERALIZEDTIME *date;
+ CMS_OtherKeyAttribute *other;
+ };
+
+struct CMS_PasswordRecipientInfo_st
+ {
+ long version;
+ X509_ALGOR *keyDerivationAlgorithm;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedKey;
+ };
+
+struct CMS_OtherRecipientInfo_st
+ {
+ ASN1_OBJECT *oriType;
+ ASN1_TYPE *oriValue;
+ };
+
+struct CMS_DigestedData_st
+ {
+ long version;
+ X509_ALGOR *digestAlgorithm;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ ASN1_OCTET_STRING *digest;
+ };
+
+struct CMS_EncryptedData_st
+ {
+ long version;
+ CMS_EncryptedContentInfo *encryptedContentInfo;
+ STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+ };
+
+struct CMS_AuthenticatedData_st
+ {
+ long version;
+ CMS_OriginatorInfo *originatorInfo;
+ STACK_OF(CMS_RecipientInfo) *recipientInfos;
+ X509_ALGOR *macAlgorithm;
+ X509_ALGOR *digestAlgorithm;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ STACK_OF(X509_ATTRIBUTE) *authAttrs;
+ ASN1_OCTET_STRING *mac;
+ STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+ };
+
+struct CMS_CompressedData_st
+ {
+ long version;
+ X509_ALGOR *compressionAlgorithm;
+ STACK_OF(CMS_RecipientInfo) *recipientInfos;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ };
+
+struct CMS_RevocationInfoChoice_st
+ {
+ int type;
+ union {
+ X509_CRL *crl;
+ CMS_OtherRevocationInfoFormat *other;
+ } d;
+ };
+
+#define CMS_REVCHOICE_CRL 0
+#define CMS_REVCHOICE_OTHER 1
+
+struct CMS_OtherRevocationInfoFormat_st
+ {
+ ASN1_OBJECT *otherRevInfoFormat;
+ ASN1_TYPE *otherRevInfo;
+ };
+
+struct CMS_CertificateChoices
+ {
+ int type;
+ union {
+ X509 *certificate;
+ ASN1_STRING *extendedCertificate; /* Obsolete */
+ ASN1_STRING *v1AttrCert; /* Left encoded for now */
+ ASN1_STRING *v2AttrCert; /* Left encoded for now */
+ CMS_OtherCertificateFormat *other;
+ } d;
+ };
+
+#define CMS_CERTCHOICE_CERT 0
+#define CMS_CERTCHOICE_EXCERT 1
+#define CMS_CERTCHOICE_V1ACERT 2
+#define CMS_CERTCHOICE_V2ACERT 3
+#define CMS_CERTCHOICE_OTHER 4
+
+struct CMS_OtherCertificateFormat_st
+ {
+ ASN1_OBJECT *otherCertFormat;
+ ASN1_TYPE *otherCert;
+ };
+
+/* This is also defined in pkcs7.h but we duplicate it
+ * to allow the CMS code to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st
+ {
+ X509_NAME *issuer;
+ ASN1_INTEGER *serialNumber;
+ };
+
+struct CMS_OtherKeyAttribute_st
+ {
+ ASN1_OBJECT *keyAttrId;
+ ASN1_TYPE *keyAttr;
+ };
+
+/* ESS structures */
+
+#ifdef HEADER_X509V3_H
+
+struct CMS_ReceiptRequest_st
+ {
+ ASN1_OCTET_STRING *signedContentIdentifier;
+ CMS_ReceiptsFrom *receiptsFrom;
+ STACK_OF(GENERAL_NAMES) *receiptsTo;
+ };
+
+
+struct CMS_ReceiptsFrom_st
+ {
+ int type;
+ union
+ {
+ long allOrFirstTier;
+ STACK_OF(GENERAL_NAMES) *receiptList;
+ } d;
+ };
+#endif
+
+struct CMS_Receipt_st
+ {
+ long version;
+ ASN1_OBJECT *contentType;
+ ASN1_OCTET_STRING *signedContentIdentifier;
+ ASN1_OCTET_STRING *originatorSignatureValue;
+ };
+
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL 0
+#define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+#define CMS_RECIPINFO_ISSUER_SERIAL 0
+#define CMS_RECIPINFO_KEYIDENTIFIER 1
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+ X509_ALGOR *mdalg);
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+ const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen);
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
--- /dev/null
+/* crypto/cms/cms_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_STACK_OF(CMS_CertificateChoices)
+DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
+ {
+ return cms->contentType;
+ }
+
+CMS_ContentInfo *cms_Data_create(void)
+ {
+ CMS_ContentInfo *cms;
+ cms = CMS_ContentInfo_new();
+ if (cms)
+ {
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+ /* Never detached */
+ CMS_set_detached(cms, 0);
+ }
+ return cms;
+ }
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+ {
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos)
+ return NULL;
+ /* If content detached data goes nowhere: create NULL BIO */
+ if (!*pos)
+ return BIO_new(BIO_s_null());
+ /* If content not detached and created return memory BIO
+ */
+ if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+ return BIO_new(BIO_s_mem());
+ /* Else content was read in: return read only BIO for it */
+ return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+ }
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+ {
+ BIO *cmsbio, *cont;
+ if (icont)
+ cont = icont;
+ else
+ cont = cms_content_bio(cms);
+ if (!cont)
+ {
+ CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+ return NULL;
+ }
+ switch (OBJ_obj2nid(cms->contentType))
+ {
+
+ case NID_pkcs7_data:
+ return cont;
+
+ case NID_pkcs7_signed:
+ cmsbio = cms_SignedData_init_bio(cms);
+ break;
+
+ case NID_pkcs7_digest:
+ cmsbio = cms_DigestedData_init_bio(cms);
+ break;
+#ifdef ZLIB
+ case NID_id_smime_ct_compressedData:
+ cmsbio = cms_CompressedData_init_bio(cms);
+ break;
+#endif
+
+ case NID_pkcs7_encrypted:
+ cmsbio = cms_EncryptedData_init_bio(cms);
+ break;
+
+ case NID_pkcs7_enveloped:
+ cmsbio = cms_EnvelopedData_init_bio(cms);
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+ return NULL;
+ }
+
+ if (cmsbio)
+ return BIO_push(cmsbio, cont);
+
+ if (!icont)
+ BIO_free(cont);
+ return NULL;
+
+ }
+
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+ {
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos)
+ return 0;
+ /* If ebmedded content find memory BIO and set content */
+ if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
+ {
+ BIO *mbio;
+ unsigned char *cont;
+ long contlen;
+ mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+ if (!mbio)
+ {
+ CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+ return 0;
+ }
+ contlen = BIO_get_mem_data(mbio, &cont);
+ /* Set bio as read only so its content can't be clobbered */
+ BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+ BIO_set_mem_eof_return(mbio, 0);
+ ASN1_STRING_set0(*pos, cont, contlen);
+ (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+ }
+
+ switch (OBJ_obj2nid(cms->contentType))
+ {
+
+ case NID_pkcs7_data:
+ case NID_pkcs7_enveloped:
+ case NID_pkcs7_encrypted:
+ case NID_id_smime_ct_compressedData:
+ /* Nothing to do */
+ return 1;
+
+ case NID_pkcs7_signed:
+ return cms_SignedData_final(cms, cmsbio);
+
+ case NID_pkcs7_digest:
+ return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+ default:
+ CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+ return 0;
+ }
+ }
+
+/* Return an OCTET STRING pointer to content. This allows it to
+ * be accessed or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+ {
+ switch (OBJ_obj2nid(cms->contentType))
+ {
+
+ case NID_pkcs7_data:
+ return &cms->d.data;
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->encapContentInfo->eContent;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+ case NID_pkcs7_digest:
+ return &cms->d.digestedData->encapContentInfo->eContent;
+
+ case NID_pkcs7_encrypted:
+ return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+ case NID_id_smime_ct_authData:
+ return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+ case NID_id_smime_ct_compressedData:
+ return &cms->d.compressedData->encapContentInfo->eContent;
+
+ default:
+ if (cms->d.other->type == V_ASN1_OCTET_STRING)
+ return &cms->d.other->value.octet_string;
+ CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+ }
+
+/* Return an ASN1_OBJECT pointer to content type. This allows it to
+ * be accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+ {
+ switch (OBJ_obj2nid(cms->contentType))
+ {
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->encapContentInfo->eContentType;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+ case NID_pkcs7_digest:
+ return &cms->d.digestedData->encapContentInfo->eContentType;
+
+ case NID_pkcs7_encrypted:
+ return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+ case NID_id_smime_ct_authData:
+ return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+ case NID_id_smime_ct_compressedData:
+ return &cms->d.compressedData->encapContentInfo->eContentType;
+
+ default:
+ CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
+ CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+ }
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+ {
+ ASN1_OBJECT **petype;
+ petype = cms_get0_econtent_type(cms);
+ if (petype)
+ return *petype;
+ return NULL;
+ }
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+ {
+ ASN1_OBJECT **petype, *etype;
+ petype = cms_get0_econtent_type(cms);
+ if (!petype)
+ return 0;
+ if (!oid)
+ return 1;
+ etype = OBJ_dup(oid);
+ if (!etype)
+ return 0;
+ ASN1_OBJECT_free(*petype);
+ *petype = etype;
+ return 1;
+ }
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+ {
+ ASN1_OCTET_STRING **pos;
+ pos = CMS_get0_content(cms);
+ if (!pos)
+ return -1;
+ if (*pos)
+ return 0;
+ return 1;
+ }
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+ {
+ ASN1_OCTET_STRING **pos;
+ pos = CMS_get0_content(cms);
+ if (!pos)
+ return 0;
+ if (detached)
+ {
+ if (*pos)
+ {
+ ASN1_OCTET_STRING_free(*pos);
+ *pos = NULL;
+ }
+ return 1;
+ }
+ if (!*pos)
+ *pos = ASN1_OCTET_STRING_new();
+ if (*pos)
+ {
+ /* NB: special flag to show content is created and not
+ * read in.
+ */
+ (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+ return 1;
+ }
+ CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
+ {
+ int param_type;
+
+ switch (EVP_MD_type(md))
+ {
+ case NID_sha1:
+ case NID_sha224:
+ case NID_sha256:
+ case NID_sha384:
+ case NID_sha512:
+ param_type = V_ASN1_UNDEF;
+ break;
+
+ default:
+ param_type = V_ASN1_NULL;
+ break;
+ }
+
+ X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+ }
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+ {
+ BIO *mdbio = NULL;
+ ASN1_OBJECT *digestoid;
+ const EVP_MD *digest;
+ X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+ digest = EVP_get_digestbyobj(digestoid);
+ if (!digest)
+ {
+ CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+ CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+ goto err;
+ }
+ mdbio = BIO_new(BIO_f_md());
+ if (!mdbio || !BIO_set_md(mdbio, digest))
+ {
+ CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+ CMS_R_MD_BIO_INIT_ERROR);
+ goto err;
+ }
+ return mdbio;
+ err:
+ if (mdbio)
+ BIO_free(mdbio);
+ return NULL;
+ }
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+ X509_ALGOR *mdalg)
+ {
+ int nid;
+ ASN1_OBJECT *mdoid;
+ X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+ nid = OBJ_obj2nid(mdoid);
+ /* Look for digest type to match signature */
+ for (;;)
+ {
+ EVP_MD_CTX *mtmp;
+ chain = BIO_find_type(chain, BIO_TYPE_MD);
+ if (chain == NULL)
+ {
+ CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+ CMS_R_NO_MATCHING_DIGEST);
+ return 0;
+ }
+ BIO_get_md_ctx(chain, &mtmp);
+ if (EVP_MD_CTX_type(mtmp) == nid)
+ {
+ EVP_MD_CTX_copy_ex(mctx, mtmp);
+ return 1;
+ }
+ chain = BIO_next(chain);
+ }
+ }
+
+static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
+ {
+ switch (OBJ_obj2nid(cms->contentType))
+ {
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->certificates;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->originatorInfo->certificates;
+
+ default:
+ CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+ CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+ }
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+ {
+ STACK_OF(CMS_CertificateChoices) **pcerts;
+ CMS_CertificateChoices *cch;
+ pcerts = cms_get0_certificate_choices(cms);
+ if (!pcerts)
+ return NULL;
+ if (!*pcerts)
+ *pcerts = sk_CMS_CertificateChoices_new_null();
+ if (!*pcerts)
+ return NULL;
+ cch = M_ASN1_new_of(CMS_CertificateChoices);
+ if (!cch)
+ return NULL;
+ if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
+ {
+ M_ASN1_free_of(cch, CMS_CertificateChoices);
+ return NULL;
+ }
+ return cch;
+ }
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+ {
+ CMS_CertificateChoices *cch;
+ STACK_OF(CMS_CertificateChoices) **pcerts;
+ int i;
+ pcerts = cms_get0_certificate_choices(cms);
+ if (!pcerts)
+ return 0;
+ if (!pcerts)
+ return 0;
+ for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
+ {
+ cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+ if (cch->type == CMS_CERTCHOICE_CERT)
+ {
+ if (!X509_cmp(cch->d.certificate, cert))
+ {
+ CMSerr(CMS_F_CMS_ADD0_CERT,
+ CMS_R_CERTIFICATE_ALREADY_PRESENT);
+ return 0;
+ }
+ }
+ }
+ cch = CMS_add0_CertificateChoices(cms);
+ if (!cch)
+ return 0;
+ cch->type = CMS_CERTCHOICE_CERT;
+ cch->d.certificate = cert;
+ return 1;
+ }
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+ {
+ int r;
+ r = CMS_add0_cert(cms, cert);
+ if (r > 0)
+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ return r;
+ }
+
+static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
+ {
+ switch (OBJ_obj2nid(cms->contentType))
+ {
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->crls;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->originatorInfo->crls;
+
+ default:
+ CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+ CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+ }
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+ {
+ STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+ CMS_RevocationInfoChoice *rch;
+ pcrls = cms_get0_revocation_choices(cms);
+ if (!pcrls)
+ return NULL;
+ if (!*pcrls)
+ *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+ if (!*pcrls)
+ return NULL;
+ rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+ if (!rch)
+ return NULL;
+ if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
+ {
+ M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+ return NULL;
+ }
+ return rch;
+ }
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+ {
+ CMS_RevocationInfoChoice *rch;
+ rch = CMS_add0_RevocationInfoChoice(cms);
+ if (!rch)
+ return 0;
+ rch->type = CMS_REVCHOICE_CRL;
+ rch->d.crl = crl;
+ return 1;
+ }
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+ {
+ STACK_OF(X509) *certs = NULL;
+ CMS_CertificateChoices *cch;
+ STACK_OF(CMS_CertificateChoices) **pcerts;
+ int i;
+ pcerts = cms_get0_certificate_choices(cms);
+ if (!pcerts)
+ return NULL;
+ for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
+ {
+ cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+ if (cch->type == 0)
+ {
+ if (!certs)
+ {
+ certs = sk_X509_new_null();
+ if (!certs)
+ return NULL;
+ }
+ if (!sk_X509_push(certs, cch->d.certificate))
+ {
+ sk_X509_pop_free(certs, X509_free);
+ return NULL;
+ }
+ CRYPTO_add(&cch->d.certificate->references,
+ 1, CRYPTO_LOCK_X509);
+ }
+ }
+ return certs;
+
+ }
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+ {
+ STACK_OF(X509_CRL) *crls = NULL;
+ STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+ CMS_RevocationInfoChoice *rch;
+ int i;
+ pcrls = cms_get0_revocation_choices(cms);
+ if (!pcrls)
+ return NULL;
+ for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
+ {
+ rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+ if (rch->type == 0)
+ {
+ if (!crls)
+ {
+ crls = sk_X509_CRL_new_null();
+ if (!crls)
+ return NULL;
+ }
+ if (!sk_X509_CRL_push(crls, rch->d.crl))
+ {
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ return NULL;
+ }
+ CRYPTO_add(&rch->d.crl->references,
+ 1, CRYPTO_LOCK_X509_CRL);
+ }
+ }
+ return crls;
+ }
--- /dev/null
+/* crypto/cms/cms_sd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS SignedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_SignedData)
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+ {
+ if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
+ {
+ CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+ return NULL;
+ }
+ return cms->d.signedData;
+ }
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+ {
+ if (cms->d.other == NULL)
+ {
+ cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+ if (!cms->d.signedData)
+ {
+ CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ cms->d.signedData->version = 1;
+ cms->d.signedData->encapContentInfo->eContentType =
+ OBJ_nid2obj(NID_pkcs7_data);
+ cms->d.signedData->encapContentInfo->partial = 1;
+ ASN1_OBJECT_free(cms->contentType);
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+ return cms->d.signedData;
+ }
+ return cms_get0_signed(cms);
+ }
+
+/* Just initialize SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+ {
+ if (cms_signed_data_init(cms))
+ return 1;
+ else
+ return 0;
+ }
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+ {
+ int i;
+ CMS_CertificateChoices *cch;
+ CMS_RevocationInfoChoice *rch;
+ CMS_SignerInfo *si;
+
+ for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
+ {
+ cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+ if (cch->type == CMS_CERTCHOICE_OTHER)
+ {
+ if (sd->version < 5)
+ sd->version = 5;
+ }
+ else if (cch->type == CMS_CERTCHOICE_V2ACERT)
+ {
+ if (sd->version < 4)
+ sd->version = 4;
+ }
+ else if (cch->type == CMS_CERTCHOICE_V1ACERT)
+ {
+ if (sd->version < 3)
+ sd->version = 3;
+ }
+ }
+
+ for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
+ {
+ rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+ if (rch->type == CMS_REVCHOICE_OTHER)
+ {
+ if (sd->version < 5)
+ sd->version = 5;
+ }
+ }
+
+ if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+ && (sd->version < 3))
+ sd->version = 3;
+
+ for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+ if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+ {
+ if (si->version < 3)
+ si->version = 3;
+ if (sd->version < 3)
+ sd->version = 3;
+ }
+ else
+ sd->version = 1;
+ }
+
+ if (sd->version < 1)
+ sd->version = 1;
+
+ }
+
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+ {
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ CMS_SignerInfo *sitmp;
+ int i;
+ sinfos = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ ASN1_OCTET_STRING *messageDigest;
+ sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+ if (sitmp == si)
+ continue;
+ if (CMS_signed_get_attr_count(sitmp) < 0)
+ continue;
+ if (OBJ_cmp(si->digestAlgorithm->algorithm,
+ sitmp->digestAlgorithm->algorithm))
+ continue;
+ messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+ OBJ_nid2obj(NID_pkcs9_messageDigest),
+ -3, V_ASN1_OCTET_STRING);
+ if (!messageDigest)
+ {
+ CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+ return 0;
+ }
+
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+ V_ASN1_OCTET_STRING,
+ messageDigest, -1))
+ return 1;
+ else
+ return 0;
+ }
+ CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+ return 0;
+ }
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+ {
+ switch(type)
+ {
+ case CMS_SIGNERINFO_ISSUER_SERIAL:
+ sid->d.issuerAndSerialNumber =
+ M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+ if (!sid->d.issuerAndSerialNumber)
+ goto merr;
+ if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
+ X509_get_issuer_name(cert)))
+ goto merr;
+ ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
+ sid->d.issuerAndSerialNumber->serialNumber =
+ ASN1_STRING_dup(X509_get_serialNumber(cert));
+ if(!sid->d.issuerAndSerialNumber->serialNumber)
+ goto merr;
+ break;
+
+ case CMS_SIGNERINFO_KEYIDENTIFIER:
+ if (!cert->skid)
+ {
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+ CMS_R_CERTIFICATE_HAS_NO_KEYID);
+ return 0;
+ }
+ sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
+ if (!sid->d.subjectKeyIdentifier)
+ goto merr;
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+ return 0;
+ }
+
+ sid->type = type;
+
+ return 1;
+
+ merr:
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
+ return 0;
+
+ }
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno)
+ {
+ if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+ {
+ if (issuer)
+ *issuer = sid->d.issuerAndSerialNumber->issuer;
+ if (sno)
+ *sno = sid->d.issuerAndSerialNumber->serialNumber;
+ }
+ else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+ {
+ if (keyid)
+ *keyid = sid->d.subjectKeyIdentifier;
+ }
+ else
+ return 0;
+ return 1;
+ }
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+ {
+ int ret;
+ if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+ {
+ ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
+ X509_get_issuer_name(cert));
+ if (ret)
+ return ret;
+ return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
+ X509_get_serialNumber(cert));
+ }
+ else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+ {
+ X509_check_purpose(cert, -1, -1);
+ if (!cert->skid)
+ return -1;
+ return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
+ cert->skid);
+ }
+ else
+ return -1;
+ }
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags)
+ {
+ CMS_SignedData *sd;
+ CMS_SignerInfo *si = NULL;
+ X509_ALGOR *alg;
+ int i, type;
+ if(!X509_check_private_key(signer, pk))
+ {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER,
+ CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+ sd = cms_signed_data_init(cms);
+ if (!sd)
+ goto err;
+ si = M_ASN1_new_of(CMS_SignerInfo);
+ if (!si)
+ goto merr;
+ X509_check_purpose(signer, -1, -1);
+
+ CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+
+ si->pkey = pk;
+ si->signer = signer;
+
+ if (flags & CMS_USE_KEYID)
+ {
+ si->version = 3;
+ if (sd->version < 3)
+ sd->version = 3;
+ type = CMS_SIGNERINFO_KEYIDENTIFIER;
+ }
+ else
+ {
+ type = CMS_SIGNERINFO_ISSUER_SERIAL;
+ si->version = 1;
+ }
+
+ if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+ goto err;
+
+ /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
+ if (md == NULL)
+ md = EVP_sha1();
+
+ /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
+
+ if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
+ {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+
+ cms_DigestAlgorithm_set(si->digestAlgorithm, md);
+
+ /* See if digest is present in digestAlgorithms */
+ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
+ {
+ ASN1_OBJECT *aoid;
+ alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+ X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+ if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+ break;
+ }
+
+ if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
+ {
+ alg = X509_ALGOR_new();
+ if (!alg)
+ goto merr;
+ cms_DigestAlgorithm_set(alg, md);
+ if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
+ {
+ X509_ALGOR_free(alg);
+ goto merr;
+ }
+ }
+
+ /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
+ * hard code algorithm parameters.
+ */
+
+ switch (pk->type)
+ {
+
+ case EVP_PKEY_RSA:
+ X509_ALGOR_set0(si->signatureAlgorithm,
+ OBJ_nid2obj(NID_rsaEncryption),
+ V_ASN1_NULL, 0);
+ break;
+
+ case EVP_PKEY_DSA:
+ X509_ALGOR_set0(si->signatureAlgorithm,
+ OBJ_nid2obj(NID_dsaWithSHA1),
+ V_ASN1_UNDEF, 0);
+ break;
+
+
+ case EVP_PKEY_EC:
+ X509_ALGOR_set0(si->signatureAlgorithm,
+ OBJ_nid2obj(NID_ecdsa_with_SHA1),
+ V_ASN1_UNDEF, 0);
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ADD1_SIGNER,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+
+ }
+
+ if (!(flags & CMS_NOATTR))
+ {
+ /* Initialialize signed attributes strutucture so other
+ * attributes such as signing time etc are added later
+ * even if we add none here.
+ */
+ if (!si->signedAttrs)
+ {
+ si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+ if (!si->signedAttrs)
+ goto merr;
+ }
+
+ if (!(flags & CMS_NOSMIMECAP))
+ {
+ STACK_OF(X509_ALGOR) *smcap = NULL;
+ i = CMS_add_standard_smimecap(&smcap);
+ if (i)
+ i = CMS_add_smimecap(si, smcap);
+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+ if (!i)
+ goto merr;
+ }
+ if (flags & CMS_REUSE_DIGEST)
+ {
+ if (!cms_copy_messageDigest(cms, si))
+ goto err;
+ if (!(flags & CMS_PARTIAL) &&
+ !CMS_SignerInfo_sign(si))
+ goto err;
+ }
+ }
+
+ if (!(flags & CMS_NOCERTS))
+ {
+ /* NB ignore -1 return for duplicate cert */
+ if (!CMS_add1_cert(cms, signer))
+ goto merr;
+ }
+
+ if (!sd->signerInfos)
+ sd->signerInfos = sk_CMS_SignerInfo_new_null();
+ if (!sd->signerInfos ||
+ !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+ goto merr;
+
+ return si;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ err:
+ if (si)
+ M_ASN1_free_of(si, CMS_SignerInfo);
+ return NULL;
+
+ }
+
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+ {
+ ASN1_TIME *tt;
+ int r = 0;
+ if (t)
+ tt = t;
+ else
+ tt = X509_gmtime_adj(NULL, 0);
+
+ if (!tt)
+ goto merr;
+
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+ tt->type, tt, -1) <= 0)
+ goto merr;
+
+ r = 1;
+
+ merr:
+
+ if (!t)
+ ASN1_TIME_free(tt);
+
+ if (!r)
+ CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+ return r;
+
+ }
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+ {
+ CMS_SignedData *sd;
+ sd = cms_get0_signed(cms);
+ if (!sd)
+ return NULL;
+ return sd->signerInfos;
+ }
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+ {
+ STACK_OF(X509) *signers = NULL;
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ CMS_SignerInfo *si;
+ int i;
+ sinfos = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (si->signer)
+ {
+ if (!signers)
+ {
+ signers = sk_X509_new_null();
+ if (!signers)
+ return NULL;
+ }
+ if (!sk_X509_push(signers, si->signer))
+ {
+ sk_X509_free(signers);
+ return NULL;
+ }
+ }
+ }
+ return signers;
+ }
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+ {
+ if (signer)
+ {
+ CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+ if (si->pkey)
+ EVP_PKEY_free(si->pkey);
+ si->pkey = X509_get_pubkey(signer);
+ }
+ if (si->signer)
+ X509_free(si->signer);
+ si->signer = signer;
+ }
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno)
+ {
+ return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
+ }
+
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+ {
+ return cms_SignerIdentifier_cert_cmp(si->sid, cert);
+ }
+
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+ unsigned int flags)
+ {
+ CMS_SignedData *sd;
+ CMS_SignerInfo *si;
+ CMS_CertificateChoices *cch;
+ STACK_OF(CMS_CertificateChoices) *certs;
+ X509 *x;
+ int i, j;
+ int ret = 0;
+ sd = cms_get0_signed(cms);
+ if (!sd)
+ return -1;
+ certs = sd->certificates;
+ for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+ if (si->signer)
+ continue;
+
+ for (j = 0; j < sk_X509_num(scerts); j++)
+ {
+ x = sk_X509_value(scerts, j);
+ if (CMS_SignerInfo_cert_cmp(si, x) == 0)
+ {
+ CMS_SignerInfo_set1_signer_cert(si, x);
+ ret++;
+ break;
+ }
+ }
+
+ if (si->signer || (flags & CMS_NOINTERN))
+ continue;
+
+ for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
+ {
+ cch = sk_CMS_CertificateChoices_value(certs, j);
+ if (cch->type != 0)
+ continue;
+ x = cch->d.certificate;
+ if (CMS_SignerInfo_cert_cmp(si, x) == 0)
+ {
+ CMS_SignerInfo_set1_signer_cert(si, x);
+ ret++;
+ break;
+ }
+ }
+ }
+ return ret;
+ }
+
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+ X509_ALGOR **pdig, X509_ALGOR **psig)
+ {
+ if (pk)
+ *pk = si->pkey;
+ if (signer)
+ *signer = si->signer;
+ if (pdig)
+ *pdig = si->digestAlgorithm;
+ if (psig)
+ *psig = si->signatureAlgorithm;
+ }
+
+/* In OpenSSL 0.9.8 we have the link between digest types and public
+ * key types so we need to fixup the digest type if the public key
+ * type is not appropriate.
+ */
+
+static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
+ {
+ if (EVP_MD_CTX_type(mctx) != NID_sha1)
+ return;
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ mctx->digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ mctx->digest = EVP_ecdsa();
+#endif
+ }
+
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+ CMS_SignerInfo *si, BIO *chain)
+ {
+ EVP_MD_CTX mctx;
+ int r = 0;
+ EVP_MD_CTX_init(&mctx);
+
+
+ if (!si->pkey)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
+ return 0;
+ }
+
+ if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ goto err;
+
+ /* If any signed attributes calculate and add messageDigest attribute */
+
+ if (CMS_signed_get_attr_count(si) >= 0)
+ {
+ ASN1_OBJECT *ctype =
+ cms->d.signedData->encapContentInfo->eContentType;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen;
+ EVP_DigestFinal_ex(&mctx, md, &mdlen);
+ if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+ V_ASN1_OCTET_STRING,
+ md, mdlen))
+ goto err;
+ /* Copy content type across */
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, ctype, -1) <= 0)
+ goto err;
+ if (!CMS_SignerInfo_sign(si))
+ goto err;
+ }
+ else
+ {
+ unsigned char *sig;
+ unsigned int siglen;
+ sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+ if (!sig)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ cms_fixup_mctx(&mctx, si->pkey);
+ if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
+ CMS_R_SIGNFINAL_ERROR);
+ OPENSSL_free(sig);
+ goto err;
+ }
+ ASN1_STRING_set0(si->signature, sig, siglen);
+ }
+
+ r = 1;
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return r;
+
+ }
+
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+ {
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ CMS_SignerInfo *si;
+ int i;
+ sinfos = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (!cms_SignerInfo_content_sign(cms, si, chain))
+ return 0;
+ }
+ cms->d.signedData->encapContentInfo->partial = 0;
+ return 1;
+ }
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+ {
+ EVP_MD_CTX mctx;
+ unsigned char *abuf = NULL;
+ int alen;
+ unsigned int siglen;
+ const EVP_MD *md = NULL;
+
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL)
+ return 0;
+
+ EVP_MD_CTX_init(&mctx);
+
+ if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
+ {
+ if (!cms_add1_signingTime(si, NULL))
+ goto err;
+ }
+
+ if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
+ goto err;
+
+#if 0
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+ goto err;
+ }
+#endif
+
+ alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
+ ASN1_ITEM_rptr(CMS_Attributes_Sign));
+ if(!abuf)
+ goto err;
+ if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
+ goto err;
+ siglen = EVP_PKEY_size(si->pkey);
+ OPENSSL_free(abuf);
+ abuf = OPENSSL_malloc(siglen);
+ if(!abuf)
+ goto err;
+ cms_fixup_mctx(&mctx, si->pkey);
+ if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
+ goto err;
+#if 0
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+ goto err;
+ }
+#endif
+ EVP_MD_CTX_cleanup(&mctx);
+
+ ASN1_STRING_set0(si->signature, abuf, siglen);
+
+ return 1;
+
+ err:
+ if (abuf)
+ OPENSSL_free(abuf);
+ EVP_MD_CTX_cleanup(&mctx);
+ return 0;
+
+ }
+
+int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+ {
+ EVP_MD_CTX mctx;
+ unsigned char *abuf = NULL;
+ int alen, r = -1;
+ const EVP_MD *md = NULL;
+
+ if (!si->pkey)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
+ return -1;
+ }
+
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL)
+ return -1;
+ EVP_MD_CTX_init(&mctx);
+ if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
+ goto err;
+
+ alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
+ ASN1_ITEM_rptr(CMS_Attributes_Verify));
+ if(!abuf)
+ goto err;
+ r = EVP_VerifyUpdate(&mctx, abuf, alen);
+ OPENSSL_free(abuf);
+ if (r <= 0)
+ {
+ r = -1;
+ goto err;
+ }
+ cms_fixup_mctx(&mctx, si->pkey);
+ r = EVP_VerifyFinal(&mctx,
+ si->signature->data, si->signature->length, si->pkey);
+ if (!r)
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return r;
+ }
+
+/* Create a chain of digest BIOs from a CMS ContentInfo */
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+ {
+ int i;
+ CMS_SignedData *sd;
+ BIO *chain = NULL;
+ sd = cms_get0_signed(cms);
+ if (!sd)
+ return NULL;
+ if (cms->d.signedData->encapContentInfo->partial)
+ cms_sd_set_version(sd);
+ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
+ {
+ X509_ALGOR *digestAlgorithm;
+ BIO *mdbio;
+ digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+ mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
+ if (!mdbio)
+ goto err;
+ if (chain)
+ BIO_push(chain, mdbio);
+ else
+ chain = mdbio;
+ }
+ return chain;
+ err:
+ if (chain)
+ BIO_free_all(chain);
+ return NULL;
+ }
+
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+ {
+ ASN1_OCTET_STRING *os = NULL;
+ EVP_MD_CTX mctx;
+ int r = -1;
+ EVP_MD_CTX_init(&mctx);
+ /* If we have any signed attributes look for messageDigest value */
+ if (CMS_signed_get_attr_count(si) >= 0)
+ {
+ os = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj(NID_pkcs9_messageDigest),
+ -3, V_ASN1_OCTET_STRING);
+ if (!os)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+ goto err;
+ }
+ }
+
+ if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ goto err;
+
+ /* If messageDigest found compare it */
+
+ if (os)
+ {
+ unsigned char mval[EVP_MAX_MD_SIZE];
+ unsigned int mlen;
+ if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+ goto err;
+ }
+ if (mlen != (unsigned int)os->length)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+ goto err;
+ }
+
+ if (memcmp(mval, os->data, mlen))
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_VERIFICATION_FAILURE);
+ r = 0;
+ }
+ else
+ r = 1;
+ }
+ else
+ {
+ cms_fixup_mctx(&mctx, si->pkey);
+ r = EVP_VerifyFinal(&mctx, si->signature->data,
+ si->signature->length, si->pkey);
+ if (r <= 0)
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_VERIFICATION_FAILURE);
+ r = 0;
+ }
+ }
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return r;
+
+ }
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+ {
+ unsigned char *smder = NULL;
+ int smderlen, r;
+ smderlen = i2d_X509_ALGORS(algs, &smder);
+ if (smderlen <= 0)
+ return 0;
+ r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, smder, smderlen);
+ OPENSSL_free(smder);
+ return r;
+ }
+
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize)
+ {
+ X509_ALGOR *alg;
+ ASN1_INTEGER *key = NULL;
+ if (keysize > 0)
+ {
+ key = ASN1_INTEGER_new();
+ if (!key || !ASN1_INTEGER_set(key, keysize))
+ return 0;
+ }
+ alg = X509_ALGOR_new();
+ if (!alg)
+ {
+ if (key)
+ ASN1_INTEGER_free(key);
+ return 0;
+ }
+
+ X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+ key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+ if (!*algs)
+ *algs = sk_X509_ALGOR_new_null();
+ if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
+ {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
+ return 1;
+ }
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+ {
+ if (EVP_get_cipherbynid(nid))
+ return CMS_add_simple_smimecap(sk, nid, arg);
+ return 1;
+ }
+#if 0
+static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+ {
+ if (EVP_get_digestbynid(nid))
+ return CMS_add_simple_smimecap(sk, nid, arg);
+ return 1;
+ }
+#endif
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+ {
+ if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+ || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+ || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+ return 0;
+ return 1;
+ }
--- /dev/null
+/* crypto/cms/cms_smime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+ {
+ unsigned char buf[4096];
+ int r = 0, i;
+ BIO *tmpout = NULL;
+
+ if (out == NULL)
+ tmpout = BIO_new(BIO_s_null());
+ else if (flags & CMS_TEXT)
+ tmpout = BIO_new(BIO_s_mem());
+ else
+ tmpout = out;
+
+ if(!tmpout)
+ {
+ CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Read all content through chain to process digest, decrypt etc */
+ for (;;)
+ {
+ i=BIO_read(in,buf,sizeof(buf));
+ if (i <= 0)
+ {
+ if (BIO_method_type(in) == BIO_TYPE_CIPHER)
+ {
+ if (!BIO_get_cipher_status(in))
+ goto err;
+ }
+ break;
+ }
+
+ if (tmpout)
+ BIO_write(tmpout, buf, i);
+ }
+
+ if(flags & CMS_TEXT)
+ {
+ if(!SMIME_text(tmpout, out))
+ {
+ CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
+ goto err;
+ }
+ }
+
+ r = 1;
+
+ err:
+ if (tmpout && (tmpout != out))
+ BIO_free(tmpout);
+ return r;
+
+ }
+
+static int check_content(CMS_ContentInfo *cms)
+ {
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos || !*pos)
+ {
+ CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
+ return 0;
+ }
+ return 1;
+ }
+
+static void do_free_upto(BIO *f, BIO *upto)
+ {
+ if (upto)
+ {
+ BIO *tbio;
+ do
+ {
+ tbio = BIO_pop(f);
+ BIO_free(f);
+ f = tbio;
+ }
+ while (f != upto);
+ }
+ else
+ BIO_free_all(f);
+ }
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+ {
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
+ {
+ CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
+ return 0;
+ }
+ cont = CMS_dataInit(cms, NULL);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ BIO_free_all(cont);
+ return r;
+ }
+
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+ {
+ CMS_ContentInfo *cms;
+ cms = cms_Data_create();
+ if (!cms)
+ return NULL;
+
+ if (CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+
+ return NULL;
+ }
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags)
+ {
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
+ {
+ CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
+ return 0;
+ }
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ if (r)
+ r = cms_DigestedData_do_final(cms, cont, 1);
+ do_free_upto(cont, dcont);
+ return r;
+ }
+
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags)
+ {
+ CMS_ContentInfo *cms;
+ if (!md)
+ md = EVP_sha1();
+ cms = cms_DigestedData_create(md);
+ if (!cms)
+ return NULL;
+
+ if(!(flags & CMS_DETACHED))
+ {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+ return NULL;
+ }
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags)
+ {
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+ CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+ return 0;
+ }
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
+ return 0;
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ do_free_upto(cont, dcont);
+ return r;
+ }
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen,
+ unsigned int flags)
+ {
+ CMS_ContentInfo *cms;
+ if (!cipher)
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
+ return NULL;
+ }
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ return NULL;
+ if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+ return NULL;
+
+ if(!(flags & CMS_DETACHED))
+ {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & (CMS_STREAM|CMS_PARTIAL))
+ || CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+ return NULL;
+ }
+
+static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
+ X509_STORE *store,
+ STACK_OF(X509) *certs,
+ STACK_OF(X509_CRL) *crls,
+ unsigned int flags)
+ {
+ X509_STORE_CTX ctx;
+ X509 *signer;
+ int i, j, r = 0;
+ CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+ if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
+ {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+ CMS_R_STORE_INIT_ERROR);
+ goto err;
+ }
+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
+ if (crls)
+ X509_STORE_CTX_set0_crls(&ctx, crls);
+
+ i = X509_verify_cert(&ctx);
+ if (i <= 0)
+ {
+ j = X509_STORE_CTX_get_error(&ctx);
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+ CMS_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(j));
+ goto err;
+ }
+ r = 1;
+ err:
+ X509_STORE_CTX_cleanup(&ctx);
+ return r;
+
+ }
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+ {
+ CMS_SignerInfo *si;
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ STACK_OF(X509) *cms_certs = NULL;
+ STACK_OF(X509_CRL) *crls = NULL;
+ X509 *signer;
+ int i, scount = 0, ret = 0;
+ BIO *cmsbio = NULL, *tmpin = NULL;
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ /* Attempt to find all signer certificates */
+
+ sinfos = CMS_get0_SignerInfos(cms);
+
+ if (sk_CMS_SignerInfo_num(sinfos) <= 0)
+ {
+ CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
+ goto err;
+ }
+
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+ if (signer)
+ scount++;
+ }
+
+ if (scount != sk_CMS_SignerInfo_num(sinfos))
+ scount += CMS_set1_signers_certs(cms, certs, flags);
+
+ if (scount != sk_CMS_SignerInfo_num(sinfos))
+ {
+ CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ goto err;
+ }
+
+ /* Attempt to verify all signers certs */
+
+ if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
+ {
+ cms_certs = CMS_get1_certs(cms);
+ if (!(flags & CMS_NOCRL))
+ crls = CMS_get1_crls(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (!cms_signerinfo_verify_cert(si, store,
+ cms_certs, crls, flags))
+ goto err;
+ }
+ }
+
+ /* Attempt to verify all SignerInfo signed attribute signatures */
+
+ if (!(flags & CMS_NO_ATTR_VERIFY))
+ {
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (CMS_signed_get_attr_count(si) < 0)
+ continue;
+ if (CMS_SignerInfo_verify(si) <= 0)
+ goto err;
+ }
+ }
+
+ /* Performance optimization: if the content is a memory BIO then
+ * store its contents in a temporary read only memory BIO. This
+ * avoids potentially large numbers of slow copies of data which will
+ * occur when reading from a read write memory BIO when signatures
+ * are calculated.
+ */
+
+ if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
+ {
+ char *ptr;
+ long len;
+ len = BIO_get_mem_data(dcont, &ptr);
+ tmpin = BIO_new_mem_buf(ptr, len);
+ if (tmpin == NULL)
+ {
+ CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ else
+ tmpin = dcont;
+
+
+ cmsbio=CMS_dataInit(cms, tmpin);
+ if (!cmsbio)
+ goto err;
+
+ if (!cms_copy_content(out, cmsbio, flags))
+ goto err;
+
+ if (!(flags & CMS_NO_CONTENT_VERIFY))
+ {
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+ {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (!CMS_SignerInfo_verify_content(si, cmsbio))
+ {
+ CMSerr(CMS_F_CMS_VERIFY,
+ CMS_R_CONTENT_VERIFY_ERROR);
+ goto err;
+ }
+ }
+ }
+
+ ret = 1;
+
+ err:
+
+ if (dcont && (tmpin == dcont))
+ do_free_upto(cmsbio, dcont);
+ else
+ BIO_free_all(cmsbio);
+
+ if (cms_certs)
+ sk_X509_pop_free(cms_certs, X509_free);
+ if (crls)
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+
+ return ret;
+ }
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags)
+ {
+ int r;
+ r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
+ if (r <= 0)
+ return r;
+ return cms_Receipt_verify(rcms, ocms);
+ }
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, unsigned int flags)
+ {
+ CMS_ContentInfo *cms;
+ int i;
+
+ cms = CMS_ContentInfo_new();
+ if (!cms || !CMS_SignedData_init(cms))
+ goto merr;
+
+ if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
+ {
+ CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
+ goto err;
+ }
+
+ for (i = 0; i < sk_X509_num(certs); i++)
+ {
+ X509 *x = sk_X509_value(certs, i);
+ if (!CMS_add1_cert(cms, x))
+ goto merr;
+ }
+
+ if(!(flags & CMS_DETACHED))
+ {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & (CMS_STREAM|CMS_PARTIAL))
+ || CMS_final(cms, data, NULL, flags))
+ return cms;
+ else
+ goto err;
+
+ merr:
+ CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
+
+ err:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ return NULL;
+ }
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs,
+ unsigned int flags)
+ {
+ CMS_SignerInfo *rct_si;
+ CMS_ContentInfo *cms = NULL;
+ ASN1_OCTET_STRING **pos, *os;
+ BIO *rct_cont = NULL;
+ int r = 0;
+
+ flags &= ~CMS_STREAM;
+ /* Not really detached but avoids content being allocated */
+ flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
+ if (!pkey || !signcert)
+ {
+ CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
+ return NULL;
+ }
+
+ /* Initialize signed data */
+
+ cms = CMS_sign(NULL, NULL, certs, NULL, flags);
+ if (!cms)
+ goto err;
+
+ /* Set inner content type to signed receipt */
+ if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
+ goto err;
+
+ rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
+ if (!rct_si)
+ {
+ CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
+ goto err;
+ }
+
+ os = cms_encode_Receipt(si);
+
+ if (!os)
+ goto err;
+
+ /* Set content to digest */
+ rct_cont = BIO_new_mem_buf(os->data, os->length);
+ if (!rct_cont)
+ goto err;
+
+ /* Add msgSigDigest attribute */
+
+ if (!cms_msgSigDigest_add1(rct_si, si))
+ goto err;
+
+ /* Finalize structure */
+ if (!CMS_final(cms, rct_cont, NULL, flags))
+ goto err;
+
+ /* Set embedded content */
+ pos = CMS_get0_content(cms);
+ *pos = os;
+
+ r = 1;
+
+ err:
+ if (rct_cont)
+ BIO_free(rct_cont);
+ if (r)
+ return cms;
+ CMS_ContentInfo_free(cms);
+ return NULL;
+
+ }
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+ const EVP_CIPHER *cipher, unsigned int flags)
+ {
+ CMS_ContentInfo *cms;
+ int i;
+ X509 *recip;
+ cms = CMS_EnvelopedData_create(cipher);
+ if (!cms)
+ goto merr;
+ for (i = 0; i < sk_X509_num(certs); i++)
+ {
+ recip = sk_X509_value(certs, i);
+ if (!CMS_add1_recipient_cert(cms, recip, flags))
+ {
+ CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+ goto err;
+ }
+ }
+
+ if(!(flags & CMS_DETACHED))
+ {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & (CMS_STREAM|CMS_PARTIAL))
+ || CMS_final(cms, data, NULL, flags))
+ return cms;
+ else
+ goto err;
+
+ merr:
+ CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ return NULL;
+ }
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+ {
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ int i, r;
+ ris = CMS_get0_RecipientInfos(cms);
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+ {
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+ if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
+ continue;
+ /* If we have a cert try matching RecipientInfo
+ * otherwise try them all.
+ */
+ if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
+ {
+ CMS_RecipientInfo_set0_pkey(ri, pk);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_pkey(ri, NULL);
+ if (r > 0)
+ return 1;
+ if (cert)
+ {
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+ CMS_R_DECRYPT_ERROR);
+ return 0;
+ }
+ ERR_clear_error();
+ }
+ }
+
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
+
+ }
+
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen)
+ {
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ int i, r;
+ ris = CMS_get0_RecipientInfos(cms);
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+ {
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+ if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
+ continue;
+
+ /* If we have an id try matching RecipientInfo
+ * otherwise try them all.
+ */
+ if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
+ {
+ CMS_RecipientInfo_set0_key(ri, key, keylen);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_key(ri, NULL, 0);
+ if (r > 0)
+ return 1;
+ if (id)
+ {
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
+ CMS_R_DECRYPT_ERROR);
+ return 0;
+ }
+ ERR_clear_error();
+ }
+ }
+
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
+
+ }
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+ BIO *dcont, BIO *out,
+ unsigned int flags)
+ {
+ int r;
+ BIO *cont;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
+ {
+ CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
+ return 0;
+ }
+ if (!dcont && !check_content(cms))
+ return 0;
+ if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+ return 0;
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ do_free_upto(cont, dcont);
+ return r;
+ }
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+ {
+ BIO *cmsbio;
+ int ret = 0;
+ if (!(cmsbio = CMS_dataInit(cms, dcont)))
+ {
+ CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ SMIME_crlf_copy(data, cmsbio, flags);
+
+ (void)BIO_flush(cmsbio);
+
+
+ if (!CMS_dataFinal(cms, cmsbio))
+ {
+ CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ do_free_upto(cmsbio, dcont);
+
+ return ret;
+
+ }
+
+#ifdef ZLIB
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags)
+ {
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
+ {
+ CMSerr(CMS_F_CMS_UNCOMPRESS,
+ CMS_R_TYPE_NOT_COMPRESSED_DATA);
+ return 0;
+ }
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ do_free_upto(cont, dcont);
+ return r;
+ }
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+ {
+ CMS_ContentInfo *cms;
+ if (comp_nid <= 0)
+ comp_nid = NID_zlib_compression;
+ cms = cms_CompressedData_create(comp_nid);
+ if (!cms)
+ return NULL;
+
+ if(!(flags & CMS_DETACHED))
+ {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if (CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+ return NULL;
+ }
+
+#else
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags)
+ {
+ CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return 0;
+ }
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+ {
+ CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return NULL;
+ }
+
+#endif
typedef int (*deflate_ft)(z_streamp strm, int flush);
typedef int (*deflateInit__ft)(z_streamp strm, int level,
const char * version, int stream_size);
+typedef const char * (*zError__ft)(int err);
static compress_ft p_compress=NULL;
static inflateEnd_ft p_inflateEnd=NULL;
static inflate_ft p_inflate=NULL;
static deflateEnd_ft p_deflateEnd=NULL;
static deflate_ft p_deflate=NULL;
static deflateInit__ft p_deflateInit_=NULL;
+static zError__ft p_zError=NULL;
static int zlib_loaded = 0; /* only attempt to init func pts once */
static DSO *zlib_dso = NULL;
#define deflateEnd p_deflateEnd
#define deflate p_deflate
#define deflateInit_ p_deflateInit_
+#define zError p_zError
#endif /* ZLIB_SHARED */
struct zlib_state
p_deflateInit_
= (deflateInit__ft) DSO_bind_func(zlib_dso,
"deflateInit_");
+ p_zError
+ = (zError__ft) DSO_bind_func(zlib_dso,
+ "zError");
if (p_compress && p_inflateEnd && p_inflate
&& p_inflateInit_ && p_deflateEnd
- && p_deflate && p_deflateInit_)
+ && p_deflate && p_deflateInit_ && p_zError)
zlib_loaded++;
}
}
return(meth);
}
+void COMP_zlib_cleanup(void)
+ {
+#ifdef ZLIB_SHARED
+ if (zlib_dso)
+ DSO_free(zlib_dso);
+#endif
+ }
+
+#ifdef ZLIB
+
+/* Zlib based compression/decompression filter BIO */
+
+typedef struct
+ {
+ unsigned char *ibuf; /* Input buffer */
+ int ibufsize; /* Buffer size */
+ z_stream zin; /* Input decompress context */
+ unsigned char *obuf; /* Output buffer */
+ int obufsize; /* Output buffer size */
+ unsigned char *optr; /* Position in output buffer */
+ int ocount; /* Amount of data in output buffer */
+ int odone; /* deflate EOF */
+ int comp_level; /* Compression level to use */
+ z_stream zout; /* Output compression context */
+ } BIO_ZLIB_CTX;
+
+#define ZLIB_DEFAULT_BUFSIZE 1024
+
+static int bio_zlib_new(BIO *bi);
+static int bio_zlib_free(BIO *bi);
+static int bio_zlib_read(BIO *b, char *out, int outl);
+static int bio_zlib_write(BIO *b, const char *in, int inl);
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
+
+static BIO_METHOD bio_meth_zlib =
+ {
+ BIO_TYPE_COMP,
+ "zlib",
+ bio_zlib_write,
+ bio_zlib_read,
+ NULL,
+ NULL,
+ bio_zlib_ctrl,
+ bio_zlib_new,
+ bio_zlib_free,
+ bio_zlib_callback_ctrl
+ };
+
+BIO_METHOD *BIO_f_zlib(void)
+ {
+ return &bio_meth_zlib;
+ }
+
+
+static int bio_zlib_new(BIO *bi)
+ {
+ BIO_ZLIB_CTX *ctx;
+#ifdef ZLIB_SHARED
+ (void)COMP_zlib();
+ if (!zlib_loaded)
+ {
+ COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+ return 0;
+ }
+#endif
+ ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
+ if(!ctx)
+ {
+ COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ctx->ibuf = NULL;
+ ctx->obuf = NULL;
+ ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+ ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+ ctx->zin.zalloc = Z_NULL;
+ ctx->zin.zfree = Z_NULL;
+ ctx->zin.next_in = NULL;
+ ctx->zin.avail_in = 0;
+ ctx->zin.next_out = NULL;
+ ctx->zin.avail_out = 0;
+ ctx->zout.zalloc = Z_NULL;
+ ctx->zout.zfree = Z_NULL;
+ ctx->zout.next_in = NULL;
+ ctx->zout.avail_in = 0;
+ ctx->zout.next_out = NULL;
+ ctx->zout.avail_out = 0;
+ ctx->odone = 0;
+ ctx->comp_level = Z_DEFAULT_COMPRESSION;
+ bi->init = 1;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return 1;
+ }
+
+static int bio_zlib_free(BIO *bi)
+ {
+ BIO_ZLIB_CTX *ctx;
+ if(!bi) return 0;
+ ctx = (BIO_ZLIB_CTX *)bi->ptr;
+ if(ctx->ibuf)
+ {
+ /* Destroy decompress context */
+ inflateEnd(&ctx->zin);
+ OPENSSL_free(ctx->ibuf);
+ }
+ if(ctx->obuf)
+ {
+ /* Destroy compress context */
+ deflateEnd(&ctx->zout);
+ OPENSSL_free(ctx->obuf);
+ }
+ OPENSSL_free(ctx);
+ bi->ptr = NULL;
+ bi->init = 0;
+ bi->flags = 0;
+ return 1;
+ }
+
+static int bio_zlib_read(BIO *b, char *out, int outl)
+ {
+ BIO_ZLIB_CTX *ctx;
+ int ret;
+ z_stream *zin;
+ if(!out || !outl) return 0;
+ ctx = (BIO_ZLIB_CTX *)b->ptr;
+ zin = &ctx->zin;
+ BIO_clear_retry_flags(b);
+ if(!ctx->ibuf)
+ {
+ ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+ if(!ctx->ibuf)
+ {
+ COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ inflateInit(zin);
+ zin->next_in = ctx->ibuf;
+ zin->avail_in = 0;
+ }
+
+ /* Copy output data directly to supplied buffer */
+ zin->next_out = (unsigned char *)out;
+ zin->avail_out = (unsigned int)outl;
+ for(;;)
+ {
+ /* Decompress while data available */
+ while(zin->avail_in)
+ {
+ ret = inflate(zin, 0);
+ if((ret != Z_OK) && (ret != Z_STREAM_END))
+ {
+ COMPerr(COMP_F_BIO_ZLIB_READ,
+ COMP_R_ZLIB_INFLATE_ERROR);
+ ERR_add_error_data(2, "zlib error:",
+ zError(ret));
+ return 0;
+ }
+ /* If EOF or we've read everything then return */
+ if((ret == Z_STREAM_END) || !zin->avail_out)
+ return outl - zin->avail_out;
+ }
+
+ /* No data in input buffer try to read some in,
+ * if an error then return the total data read.
+ */
+ ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
+ if(ret <= 0)
+ {
+ /* Total data read */
+ int tot = outl - zin->avail_out;
+ BIO_copy_next_retry(b);
+ if(ret < 0) return (tot > 0) ? tot : ret;
+ return tot;
+ }
+ zin->avail_in = ret;
+ zin->next_in = ctx->ibuf;
+ }
+ }
+
+static int bio_zlib_write(BIO *b, const char *in, int inl)
+ {
+ BIO_ZLIB_CTX *ctx;
+ int ret;
+ z_stream *zout;
+ if(!in || !inl) return 0;
+ ctx = (BIO_ZLIB_CTX *)b->ptr;
+ if(ctx->odone) return 0;
+ zout = &ctx->zout;
+ BIO_clear_retry_flags(b);
+ if(!ctx->obuf)
+ {
+ ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+ /* Need error here */
+ if(!ctx->obuf)
+ {
+ COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ctx->optr = ctx->obuf;
+ ctx->ocount = 0;
+ deflateInit(zout, ctx->comp_level);
+ zout->next_out = ctx->obuf;
+ zout->avail_out = ctx->obufsize;
+ }
+ /* Obtain input data directly from supplied buffer */
+ zout->next_in = (void *)in;
+ zout->avail_in = inl;
+ for(;;)
+ {
+ /* If data in output buffer write it first */
+ while(ctx->ocount) {
+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+ if(ret <= 0)
+ {
+ /* Total data written */
+ int tot = inl - zout->avail_in;
+ BIO_copy_next_retry(b);
+ if(ret < 0) return (tot > 0) ? tot : ret;
+ return tot;
+ }
+ ctx->optr += ret;
+ ctx->ocount -= ret;
+ }
+
+ /* Have we consumed all supplied data? */
+ if(!zout->avail_in)
+ return inl;
+
+ /* Compress some more */
+
+ /* Reset buffer */
+ ctx->optr = ctx->obuf;
+ zout->next_out = ctx->obuf;
+ zout->avail_out = ctx->obufsize;
+ /* Compress some more */
+ ret = deflate(zout, 0);
+ if(ret != Z_OK)
+ {
+ COMPerr(COMP_F_BIO_ZLIB_WRITE,
+ COMP_R_ZLIB_DEFLATE_ERROR);
+ ERR_add_error_data(2, "zlib error:", zError(ret));
+ return 0;
+ }
+ ctx->ocount = ctx->obufsize - zout->avail_out;
+ }
+ }
+
+static int bio_zlib_flush(BIO *b)
+ {
+ BIO_ZLIB_CTX *ctx;
+ int ret;
+ z_stream *zout;
+ ctx = (BIO_ZLIB_CTX *)b->ptr;
+ /* If no data written or already flush show success */
+ if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1;
+ zout = &ctx->zout;
+ BIO_clear_retry_flags(b);
+ /* No more input data */
+ zout->next_in = NULL;
+ zout->avail_in = 0;
+ for(;;)
+ {
+ /* If data in output buffer write it first */
+ while(ctx->ocount)
+ {
+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+ if(ret <= 0)
+ {
+ BIO_copy_next_retry(b);
+ return ret;
+ }
+ ctx->optr += ret;
+ ctx->ocount -= ret;
+ }
+ if(ctx->odone) return 1;
+
+ /* Compress some more */
+
+ /* Reset buffer */
+ ctx->optr = ctx->obuf;
+ zout->next_out = ctx->obuf;
+ zout->avail_out = ctx->obufsize;
+ /* Compress some more */
+ ret = deflate(zout, Z_FINISH);
+ if(ret == Z_STREAM_END) ctx->odone = 1;
+ else if(ret != Z_OK)
+ {
+ COMPerr(COMP_F_BIO_ZLIB_FLUSH,
+ COMP_R_ZLIB_DEFLATE_ERROR);
+ ERR_add_error_data(2, "zlib error:", zError(ret));
+ return 0;
+ }
+ ctx->ocount = ctx->obufsize - zout->avail_out;
+ }
+ }
+
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+ {
+ BIO_ZLIB_CTX *ctx;
+ int ret, *ip;
+ int ibs, obs;
+ if(!b->next_bio) return 0;
+ ctx = (BIO_ZLIB_CTX *)b->ptr;
+ switch (cmd)
+ {
+
+ case BIO_CTRL_RESET:
+ ctx->ocount = 0;
+ ctx->odone = 0;
+ break;
+
+ case BIO_CTRL_FLUSH:
+ ret = bio_zlib_flush(b);
+ if (ret > 0)
+ ret = BIO_flush(b->next_bio);
+ break;
+
+ case BIO_C_SET_BUFF_SIZE:
+ ibs = -1;
+ obs = -1;
+ if (ptr != NULL)
+ {
+ ip = ptr;
+ if (*ip == 0)
+ ibs = (int) num;
+ else
+ obs = (int) num;
+ }
+ else
+ {
+ ibs = (int)num;
+ obs = ibs;
+ }
+
+ if (ibs != -1)
+ {
+ if (ctx->ibuf)
+ {
+ OPENSSL_free(ctx->ibuf);
+ ctx->ibuf = NULL;
+ }
+ ctx->ibufsize = ibs;
+ }
+
+ if (obs != -1)
+ {
+ if (ctx->obuf)
+ {
+ OPENSSL_free(ctx->obuf);
+ ctx->obuf = NULL;
+ }
+ ctx->obufsize = obs;
+ }
+
+ break;
+
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+
+ }
+
+ return ret;
+ }
+
+
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+ {
+ if(!b->next_bio)
+ return 0;
+ return
+ BIO_callback_ctrl(b->next_bio, cmd, fp);
+ }
+
+#endif
unsigned char *in, int ilen);
COMP_METHOD *COMP_rle(void );
COMP_METHOD *COMP_zlib(void );
+void COMP_zlib_cleanup(void);
+
+#ifdef HEADER_BIO_H
+#ifdef ZLIB
+BIO_METHOD *BIO_f_zlib(void);
+#endif
+#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
/* Error codes for the COMP functions. */
/* Function codes. */
+#define COMP_F_BIO_ZLIB_FLUSH 99
+#define COMP_F_BIO_ZLIB_NEW 100
+#define COMP_F_BIO_ZLIB_READ 101
+#define COMP_F_BIO_ZLIB_WRITE 102
/* Reason codes. */
+#define COMP_R_ZLIB_DEFLATE_ERROR 99
+#define COMP_R_ZLIB_INFLATE_ERROR 100
+#define COMP_R_ZLIB_NOT_SUPPORTED 101
#ifdef __cplusplus
}
/* crypto/comp/comp_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
static ERR_STRING_DATA COMP_str_functs[]=
{
+{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"},
+{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
+{ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"},
+{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"},
{0,NULL}
};
static ERR_STRING_DATA COMP_str_reasons[]=
{
+{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"},
+{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"},
+{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"},
{0,NULL}
};
long length,DES_key_schedule *ks1,
DES_key_schedule *ks2,DES_key_schedule *ks3,
DES_cblock *ivec,int *num);
-
+#if 0
void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
DES_cblock *out_white);
+#endif
int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
DES_cblock *iv);
(DES_key_schedule *)ks3, ivec, num);
}
+#if 0 /* broken code, preserved just in case anyone specifically looks for this */
void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
_ossl_old_des_cblock (*out_white))
{
DES_xwhite_in2out(des_key, in_white, out_white);
}
+#endif
int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
_ossl_old_des_cblock *iv)
void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
-
+#if 0
void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
_ossl_old_des_cblock (*out_white));
+#endif
int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
_ossl_old_des_cblock *iv);
* 1.1 added norm_expand_bits
* 1.0 First working version
*/
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "des_locl.h"
OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */
/* RSA's DESX */
+#if 0 /* broken code, preserved just in case anyone specifically looks for this */
static unsigned char desx_white_in2out[256]={
0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
}
out0=out[0];
- out1=out[i];
+ out1=out[i]; /* BUG: out-of-bounds read */
for (i=0; i<8; i++)
{
out[i]=in[i]^desx_white_in2out[out0^out1];
out1=(int)out[i&0x07];
}
}
+#endif
void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
long length, DES_key_schedule *schedule,
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
/* Override the default new methods */
static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include <openssl/asn1_mac.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
#if defined(__OpenBSD__) || defined(__FreeBSD__)
ENGINE_load_cryptodev();
#endif
+#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ ENGINE_load_capi();
+#endif
#endif
}
/* crypto/engine/eng_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"},
{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
ENGINE_LOAD_KEY_PTR load_privkey;
ENGINE_LOAD_KEY_PTR load_pubkey;
+ ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+
const ENGINE_CMD_DEFN *cmd_defns;
int flags;
/* reference count on the structure itself */
#ifdef _MSC_VER
# include <malloc.h>
# define alloca _alloca
+#elif defined(NETWARE_CLIB) && defined(__GNUC__)
+ void *alloca(size_t);
+# define alloca(s) __builtin_alloca(s)
#else
# include <stdlib.h>
#endif
return 1;
}
-IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
#endif /* DYNAMIC_ENGINE */
/* ===== Here comes the "real" engine ===== */
return 1;
}
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
+ {
+ e->load_ssl_client_cert = loadssl_f;
+ return 1;
+ }
+
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
{
return e->load_privkey;
return e->load_pubkey;
}
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
+ {
+ return e->load_ssl_client_cert;
+ }
+
/* API functions to load public/private keys */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
}
return pkey;
}
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+ STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
+ {
+
+ if(e == NULL)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if(e->funct_ref == 0)
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_ssl_client_cert)
+ {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+ ui_method, callback_data);
+ }
{
fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
if(!fnd) goto end;
- fnd->uptodate = 0;
+ fnd->uptodate = 1;
fnd->nid = *nids;
fnd->sk = sk_ENGINE_new_null();
if(!fnd->sk)
if(!sk_ENGINE_push(fnd->sk, e))
goto end;
/* "touch" this ENGINE_PILE */
- fnd->uptodate = 1;
+ fnd->uptodate = 0;
if(setdefault)
{
if(!engine_unlocked_init(e))
if(fnd->funct)
engine_unlocked_finish(fnd->funct, 0);
fnd->funct = e;
+ fnd->uptodate = 1;
}
nids++;
}
while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
{
(void)sk_ENGINE_delete(pile->sk, n);
- /* "touch" this ENGINE_CIPHER */
- pile->uptodate = 1;
+ pile->uptodate = 0;
}
if(pile->funct == e)
{
#include <openssl/err.h>
#endif
+#include <openssl/x509.h>
+
#include <openssl/ossl_typ.h>
#include <openssl/symhacks.h>
/* Generic load_key function pointer */
typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
UI_METHOD *ui_method, void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
/* These callback types are for an ENGINE's handler for cipher and digest logic.
* These handlers have these prototypes;
* int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
void ENGINE_load_cryptodev(void);
void ENGINE_load_padlock(void);
void ENGINE_load_builtin_engines(void);
+#ifndef OPENSSL_NO_CAPIENG
+void ENGINE_load_capi(void);
+#endif
/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
* "registry" handling. */
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
int ENGINE_set_flags(ENGINE *e, int flags);
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data);
/* This returns a pointer for the current ENGINE structure that
* is (by default) performing any RSA operations. The value returned
#define ENGINE_F_ENGINE_LIST_REMOVE 121
#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
+#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192
#define ENGINE_F_ENGINE_NEW 122
#define ENGINE_F_ENGINE_REMOVE 123
#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
#define ERR_LIB_ECDH 43
#define ERR_LIB_STORE 44
#define ERR_LIB_FIPS 45
+#define ERR_LIB_CMS 46
#define ERR_LIB_USER 128
#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
+#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
#include <openssl/ui.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
void ERR_load_crypto_strings(void)
{
#ifdef OPENSSL_FIPS
ERR_load_FIPS_strings();
#endif
+#ifndef OPENSSL_NO_CMS
+ ERR_load_CMS_strings();
+#endif
#endif
}
{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"},
{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"},
{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"},
+{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"},
{0,NULL},
};
L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
L STORE crypto/store/store.h crypto/store/str_err.c
L FIPS fips/fips.h crypto/fips_err.h
+L CMS crypto/cms/cms.h crypto/cms/cms_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE
L NONE crypto/ec/ec_lcl.h NONE
+L NONE crypto/cms/cms_lcl.h NONE
F RSAREF_F_RSA_BN2BIN
EVP_CIPHER_get_asn1_iv,
NULL)
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
+#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
IMPLEMENT_CAMELLIA_CFBR(128,1)
IMPLEMENT_CAMELLIA_CFBR(192,1)
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
/* Algorithm configuration module. */
#include <openssl/idea.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "idea_lcl.h"
static IDEA_INT inverse(unsigned int xin);
#include <openssl/md2.h>
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include <openssl/err.h>
const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
#include "md4_locl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
#include "md5_locl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
#include <openssl/des.h>
#include <openssl/mdc2.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#undef c2l
#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
* [including the GNU Public Licence.]
*/
-#define NUM_NID 786
-#define NUM_SN 779
-#define NUM_LN 779
-#define NUM_OBJ 735
+#define NUM_NID 791
+#define NUM_SN 784
+#define NUM_LN 784
+#define NUM_OBJ 740
-static unsigned char lvalues[5204]={
+static unsigned char lvalues[5258]={
0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
0x2B,0x24,0x03,0x03,0x01,0x02, /* [603] OBJ_ripemd160WithRSA */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [609] OBJ_rc5_cbc */
0x29,0x01,0x01,0x85,0x1A,0x01, /* [617] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A,0x02, /* [623] OBJ_zlib_compression */
-0x55,0x1D,0x25, /* [629] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07, /* [632] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [638] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [645] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [653] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [661] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [669] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [677] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */
-0x55,0x1D,0x1B, /* [744] OBJ_delta_crl */
-0x55,0x1D,0x15, /* [747] OBJ_crl_reason */
-0x55,0x1D,0x18, /* [750] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01, /* [753] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [950] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [958] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [966] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */
-0x55,0x04,0x29, /* [1029] OBJ_name */
-0x55,0x04,0x2E, /* [1032] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1035] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1042] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1049] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1057] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1065] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1073] OBJ_OCSP_sign */
-0x28, /* [1081] OBJ_iso */
-0x2A, /* [1082] OBJ_member_body */
-0x2A,0x86,0x48, /* [1083] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38, /* [1086] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1091] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1097] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1105] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1863] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1871] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1878] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1885] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1892] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1899] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1906] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1913] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1920] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1927] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1934] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1941] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1948] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1956] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1964] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1972] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1980] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1988] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1996] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2004] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2012] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2020] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2028] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2036] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2044] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2052] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2060] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2068] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2076] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2084] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2092] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2100] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2116] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2124] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2132] OBJ_sbgp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2140] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2148] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2156] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2164] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2172] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2180] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2188] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2196] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2204] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2212] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2220] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2228] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2236] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2244] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2252] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2260] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2268] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2276] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2284] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2292] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2300] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2308] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2388] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2396] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2412] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2420] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2428] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2436] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2444] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2452] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2460] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2468] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2476] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2484] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2492] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2500] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2508] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2516] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2524] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2532] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2540] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2548] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2556] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2564] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2572] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2580] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2588] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2596] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2604] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2612] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2620] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2628] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2636] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2644] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2652] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2660] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2676] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2684] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2692] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2700] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2708] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02, /* [2815] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B, /* [2819] OBJ_rsaSignature */
-0x55,0x08, /* [2824] OBJ_X500algorithms */
-0x2B, /* [2826] OBJ_org */
-0x2B,0x06, /* [2827] OBJ_dod */
-0x2B,0x06,0x01, /* [2829] OBJ_iana */
-0x2B,0x06,0x01,0x01, /* [2832] OBJ_Directory */
-0x2B,0x06,0x01,0x02, /* [2836] OBJ_Management */
-0x2B,0x06,0x01,0x03, /* [2840] OBJ_Experimental */
-0x2B,0x06,0x01,0x04, /* [2844] OBJ_Private */
-0x2B,0x06,0x01,0x05, /* [2848] OBJ_Security */
-0x2B,0x06,0x01,0x06, /* [2852] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07, /* [2856] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01, /* [2860] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */
-0x00, /* [2894] OBJ_joint_iso_ccitt */
-0x55,0x01,0x05, /* [2895] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37, /* [2898] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2911] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2919] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2927] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48, /* [2935] OBJ_role */
-0x55,0x1D,0x24, /* [2938] OBJ_policy_constraints */
-0x55,0x1D,0x37, /* [2941] OBJ_target_information */
-0x55,0x1D,0x38, /* [2944] OBJ_no_rev_avail */
-0x00, /* [2947] OBJ_ccitt */
-0x2A,0x86,0x48,0xCE,0x3D, /* [2948] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2953] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2960] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2967] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2974] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2982] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2990] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2998] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3006] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3014] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3022] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3030] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17, /* [3154] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3157] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3164] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3171] OBJ_hold_instruction_reject */
-0x09, /* [3178] OBJ_data */
-0x09,0x92,0x26, /* [3179] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3182] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3189] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */
-0x55,0x04,0x2D, /* [3843] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01, /* [3846] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01, /* [3851] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02, /* [3857] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3863] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3870] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C, /* [3877] OBJ_generationQualifier */
-0x55,0x04,0x41, /* [3880] OBJ_pseudonym */
-0x67,0x2A, /* [3883] OBJ_id_set */
-0x67,0x2A,0x00, /* [3885] OBJ_set_ctype */
-0x67,0x2A,0x01, /* [3888] OBJ_set_msgExt */
-0x67,0x2A,0x03, /* [3891] OBJ_set_attr */
-0x67,0x2A,0x05, /* [3894] OBJ_set_policy */
-0x67,0x2A,0x07, /* [3897] OBJ_set_certExt */
-0x67,0x2A,0x08, /* [3900] OBJ_set_brand */
-0x67,0x2A,0x00,0x00, /* [3903] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01, /* [3907] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02, /* [3911] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03, /* [3915] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04, /* [3919] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05, /* [3923] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06, /* [3927] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07, /* [3931] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08, /* [3935] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09, /* [3939] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A, /* [3943] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B, /* [3947] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C, /* [3951] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D, /* [3955] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E, /* [3959] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10, /* [3963] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11, /* [3967] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12, /* [3971] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13, /* [3975] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14, /* [3979] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15, /* [3983] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16, /* [3987] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17, /* [3991] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18, /* [3995] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19, /* [3999] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A, /* [4003] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B, /* [4007] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C, /* [4011] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D, /* [4015] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E, /* [4019] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F, /* [4023] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20, /* [4027] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21, /* [4031] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22, /* [4035] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23, /* [4039] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24, /* [4043] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25, /* [4047] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26, /* [4051] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27, /* [4055] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28, /* [4059] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29, /* [4063] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A, /* [4067] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B, /* [4071] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C, /* [4075] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D, /* [4079] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E, /* [4083] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F, /* [4087] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30, /* [4091] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31, /* [4095] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32, /* [4099] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33, /* [4103] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34, /* [4107] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35, /* [4111] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36, /* [4115] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37, /* [4119] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38, /* [4123] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39, /* [4127] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A, /* [4131] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B, /* [4135] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C, /* [4139] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D, /* [4143] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E, /* [4147] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F, /* [4151] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40, /* [4155] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41, /* [4159] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42, /* [4163] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43, /* [4167] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44, /* [4171] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45, /* [4175] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46, /* [4179] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47, /* [4183] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48, /* [4187] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49, /* [4191] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A, /* [4195] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B, /* [4199] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C, /* [4203] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D, /* [4207] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E, /* [4211] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F, /* [4215] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50, /* [4219] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51, /* [4223] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52, /* [4227] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01, /* [4231] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03, /* [4235] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04, /* [4239] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05, /* [4243] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07, /* [4247] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08, /* [4251] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00, /* [4255] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00, /* [4259] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01, /* [4263] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02, /* [4267] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03, /* [4271] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04, /* [4275] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05, /* [4279] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06, /* [4283] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07, /* [4287] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08, /* [4291] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09, /* [4295] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A, /* [4299] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B, /* [4303] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00, /* [4307] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01, /* [4311] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02, /* [4315] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03, /* [4319] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00, /* [4323] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01, /* [4328] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01, /* [4333] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02, /* [4338] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03, /* [4343] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04, /* [4348] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05, /* [4353] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01, /* [4358] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01, /* [4364] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02, /* [4370] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01, /* [4376] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02, /* [4382] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01, /* [4388] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E, /* [4392] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22, /* [4396] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23, /* [4400] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04, /* [4404] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05, /* [4408] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */
-0x00, /* [4434] OBJ_itu_t */
-0x50, /* [4435] OBJ_joint_iso_itu_t */
-0x67, /* [4436] OBJ_international_organizations */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4437] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4447] OBJ_ms_upn */
-0x55,0x04,0x09, /* [4457] OBJ_streetAddress */
-0x55,0x04,0x11, /* [4460] OBJ_postalCode */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4463] OBJ_id_ppl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4470] OBJ_proxyCertInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4478] OBJ_id_ppl_anyLanguage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4486] OBJ_id_ppl_inheritAll */
-0x55,0x1D,0x1E, /* [4494] OBJ_name_constraints */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4497] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4505] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4514] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4523] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4532] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4541] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4550] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4559] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4568] OBJ_sha224 */
-0x2B, /* [4577] OBJ_identified_organization */
-0x2B,0x81,0x04, /* [4578] OBJ_certicom_arc */
-0x67,0x2B, /* [4581] OBJ_wap */
-0x67,0x2B,0x0D, /* [4583] OBJ_wap_wsg */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4586] OBJ_X9_62_id_characteristic_two_basis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4594] OBJ_X9_62_onBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4603] OBJ_X9_62_tpBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4612] OBJ_X9_62_ppBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4621] OBJ_X9_62_c2pnb163v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4629] OBJ_X9_62_c2pnb163v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4637] OBJ_X9_62_c2pnb163v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4645] OBJ_X9_62_c2pnb176v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4653] OBJ_X9_62_c2tnb191v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4661] OBJ_X9_62_c2tnb191v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4669] OBJ_X9_62_c2tnb191v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4677] OBJ_X9_62_c2onb191v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4685] OBJ_X9_62_c2onb191v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4693] OBJ_X9_62_c2pnb208w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4701] OBJ_X9_62_c2tnb239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4709] OBJ_X9_62_c2tnb239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4717] OBJ_X9_62_c2tnb239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4725] OBJ_X9_62_c2onb239v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4733] OBJ_X9_62_c2onb239v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4741] OBJ_X9_62_c2pnb272w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4749] OBJ_X9_62_c2pnb304w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4757] OBJ_X9_62_c2tnb359v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4765] OBJ_X9_62_c2pnb368w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4773] OBJ_X9_62_c2tnb431r1 */
-0x2B,0x81,0x04,0x00,0x06, /* [4781] OBJ_secp112r1 */
-0x2B,0x81,0x04,0x00,0x07, /* [4786] OBJ_secp112r2 */
-0x2B,0x81,0x04,0x00,0x1C, /* [4791] OBJ_secp128r1 */
-0x2B,0x81,0x04,0x00,0x1D, /* [4796] OBJ_secp128r2 */
-0x2B,0x81,0x04,0x00,0x09, /* [4801] OBJ_secp160k1 */
-0x2B,0x81,0x04,0x00,0x08, /* [4806] OBJ_secp160r1 */
-0x2B,0x81,0x04,0x00,0x1E, /* [4811] OBJ_secp160r2 */
-0x2B,0x81,0x04,0x00,0x1F, /* [4816] OBJ_secp192k1 */
-0x2B,0x81,0x04,0x00,0x20, /* [4821] OBJ_secp224k1 */
-0x2B,0x81,0x04,0x00,0x21, /* [4826] OBJ_secp224r1 */
-0x2B,0x81,0x04,0x00,0x0A, /* [4831] OBJ_secp256k1 */
-0x2B,0x81,0x04,0x00,0x22, /* [4836] OBJ_secp384r1 */
-0x2B,0x81,0x04,0x00,0x23, /* [4841] OBJ_secp521r1 */
-0x2B,0x81,0x04,0x00,0x04, /* [4846] OBJ_sect113r1 */
-0x2B,0x81,0x04,0x00,0x05, /* [4851] OBJ_sect113r2 */
-0x2B,0x81,0x04,0x00,0x16, /* [4856] OBJ_sect131r1 */
-0x2B,0x81,0x04,0x00,0x17, /* [4861] OBJ_sect131r2 */
-0x2B,0x81,0x04,0x00,0x01, /* [4866] OBJ_sect163k1 */
-0x2B,0x81,0x04,0x00,0x02, /* [4871] OBJ_sect163r1 */
-0x2B,0x81,0x04,0x00,0x0F, /* [4876] OBJ_sect163r2 */
-0x2B,0x81,0x04,0x00,0x18, /* [4881] OBJ_sect193r1 */
-0x2B,0x81,0x04,0x00,0x19, /* [4886] OBJ_sect193r2 */
-0x2B,0x81,0x04,0x00,0x1A, /* [4891] OBJ_sect233k1 */
-0x2B,0x81,0x04,0x00,0x1B, /* [4896] OBJ_sect233r1 */
-0x2B,0x81,0x04,0x00,0x03, /* [4901] OBJ_sect239k1 */
-0x2B,0x81,0x04,0x00,0x10, /* [4906] OBJ_sect283k1 */
-0x2B,0x81,0x04,0x00,0x11, /* [4911] OBJ_sect283r1 */
-0x2B,0x81,0x04,0x00,0x24, /* [4916] OBJ_sect409k1 */
-0x2B,0x81,0x04,0x00,0x25, /* [4921] OBJ_sect409r1 */
-0x2B,0x81,0x04,0x00,0x26, /* [4926] OBJ_sect571k1 */
-0x2B,0x81,0x04,0x00,0x27, /* [4931] OBJ_sect571r1 */
-0x67,0x2B,0x0D,0x04,0x01, /* [4936] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x0D,0x04,0x03, /* [4941] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x0D,0x04,0x04, /* [4946] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x0D,0x04,0x05, /* [4951] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x0D,0x04,0x06, /* [4956] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x0D,0x04,0x07, /* [4961] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x0D,0x04,0x08, /* [4966] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x0D,0x04,0x09, /* [4971] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x0D,0x04,0x0A, /* [4976] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x0D,0x04,0x0B, /* [4981] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x0D,0x04,0x0C, /* [4986] OBJ_wap_wsg_idm_ecid_wtls12 */
-0x55,0x1D,0x20,0x00, /* [4991] OBJ_any_policy */
-0x55,0x1D,0x21, /* [4995] OBJ_policy_mappings */
-0x55,0x1D,0x36, /* [4998] OBJ_inhibit_any_policy */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5001] OBJ_camellia_128_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5012] OBJ_camellia_192_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5023] OBJ_camellia_256_cbc */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5034] OBJ_camellia_128_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5042] OBJ_camellia_192_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5050] OBJ_camellia_256_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5058] OBJ_camellia_128_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5066] OBJ_camellia_192_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5074] OBJ_camellia_256_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5082] OBJ_camellia_128_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5090] OBJ_camellia_192_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5098] OBJ_camellia_256_ofb128 */
-0x55,0x1D,0x09, /* [5106] OBJ_subject_directory_attributes */
-0x55,0x1D,0x1C, /* [5109] OBJ_issuing_distribution_point */
-0x55,0x1D,0x1D, /* [5112] OBJ_certificate_issuer */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5115] OBJ_kisa */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5121] OBJ_seed_ecb */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5129] OBJ_seed_cbc */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5137] OBJ_seed_ofb128 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5145] OBJ_seed_cfb128 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5153] OBJ_hmac_md5 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5161] OBJ_hmac_sha1 */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5169] OBJ_id_PasswordBasedMAC */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5178] OBJ_id_DHBasedMac */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5187] OBJ_id_it_suppLangTags */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5195] OBJ_caRepository */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [623] OBJ_zlib_compression */
+0x55,0x1D,0x25, /* [634] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07, /* [637] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [643] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [650] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [658] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [690] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [700] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [710] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [720] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [730] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [740] OBJ_ns_sgc */
+0x55,0x1D,0x1B, /* [749] OBJ_delta_crl */
+0x55,0x1D,0x15, /* [752] OBJ_crl_reason */
+0x55,0x1D,0x18, /* [755] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01, /* [758] OBJ_sxnet */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [763] OBJ_pbe_WithSHA1And128BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [773] OBJ_pbe_WithSHA1And40BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [783] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [793] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [803] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [813] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [823] OBJ_keyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [834] OBJ_pkcs8ShroudedKeyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [845] OBJ_certBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [856] OBJ_crlBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [867] OBJ_secretBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [878] OBJ_safeContentsBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [889] OBJ_friendlyName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [898] OBJ_localKeyID */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [907] OBJ_x509Certificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [917] OBJ_sdsiCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [927] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [937] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [946] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [955] OBJ_hmacWithSHA1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [963] OBJ_id_qt_cps */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [971] OBJ_id_qt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [979] OBJ_SMIMECapabilities */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [988] OBJ_pbeWithMD2AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [997] OBJ_pbeWithMD5AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1006] OBJ_pbeWithSHA1AndDES_CBC */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1015] OBJ_ms_ext_req */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1025] OBJ_ext_req */
+0x55,0x04,0x29, /* [1034] OBJ_name */
+0x55,0x04,0x2E, /* [1037] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1040] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1047] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1054] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1062] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1070] OBJ_ad_ca_issuers */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1078] OBJ_OCSP_sign */
+0x28, /* [1086] OBJ_iso */
+0x2A, /* [1087] OBJ_member_body */
+0x2A,0x86,0x48, /* [1088] OBJ_ISO_US */
+0x2A,0x86,0x48,0xCE,0x38, /* [1091] OBJ_X9_57 */
+0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1096] OBJ_X9cm */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1102] OBJ_pkcs1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1110] OBJ_pkcs5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1118] OBJ_SMIME */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1127] OBJ_id_smime_mod */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1137] OBJ_id_smime_ct */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1147] OBJ_id_smime_aa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1157] OBJ_id_smime_alg */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1167] OBJ_id_smime_cd */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1177] OBJ_id_smime_spq */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1187] OBJ_id_smime_cti */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1197] OBJ_id_smime_mod_cms */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1208] OBJ_id_smime_mod_ess */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1219] OBJ_id_smime_mod_oid */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1230] OBJ_id_smime_mod_msg_v3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1241] OBJ_id_smime_mod_ets_eSignature_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1252] OBJ_id_smime_mod_ets_eSignature_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1263] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1274] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1285] OBJ_id_smime_ct_receipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1296] OBJ_id_smime_ct_authData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1307] OBJ_id_smime_ct_publishCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1318] OBJ_id_smime_ct_TSTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1329] OBJ_id_smime_ct_TDTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1340] OBJ_id_smime_ct_contentInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1351] OBJ_id_smime_ct_DVCSRequestData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1362] OBJ_id_smime_ct_DVCSResponseData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1373] OBJ_id_smime_aa_receiptRequest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1384] OBJ_id_smime_aa_securityLabel */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1395] OBJ_id_smime_aa_mlExpandHistory */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1406] OBJ_id_smime_aa_contentHint */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1417] OBJ_id_smime_aa_msgSigDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1428] OBJ_id_smime_aa_encapContentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1439] OBJ_id_smime_aa_contentIdentifier */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1450] OBJ_id_smime_aa_macValue */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1461] OBJ_id_smime_aa_equivalentLabels */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1472] OBJ_id_smime_aa_contentReference */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1483] OBJ_id_smime_aa_encrypKeyPref */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1494] OBJ_id_smime_aa_signingCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1505] OBJ_id_smime_aa_smimeEncryptCerts */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1516] OBJ_id_smime_aa_timeStampToken */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1527] OBJ_id_smime_aa_ets_sigPolicyId */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1538] OBJ_id_smime_aa_ets_commitmentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1549] OBJ_id_smime_aa_ets_signerLocation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1560] OBJ_id_smime_aa_ets_signerAttr */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1571] OBJ_id_smime_aa_ets_otherSigCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1582] OBJ_id_smime_aa_ets_contentTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1593] OBJ_id_smime_aa_ets_CertificateRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1604] OBJ_id_smime_aa_ets_RevocationRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1615] OBJ_id_smime_aa_ets_certValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1626] OBJ_id_smime_aa_ets_revocationValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1637] OBJ_id_smime_aa_ets_escTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1648] OBJ_id_smime_aa_ets_certCRLTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1659] OBJ_id_smime_aa_ets_archiveTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1670] OBJ_id_smime_aa_signatureType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1681] OBJ_id_smime_aa_dvcs_dvc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1692] OBJ_id_smime_alg_ESDHwith3DES */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1703] OBJ_id_smime_alg_ESDHwithRC2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1714] OBJ_id_smime_alg_3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1725] OBJ_id_smime_alg_RC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1736] OBJ_id_smime_alg_ESDH */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1747] OBJ_id_smime_alg_CMS3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1758] OBJ_id_smime_alg_CMSRC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1769] OBJ_id_smime_cd_ldap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1780] OBJ_id_smime_spq_ets_sqt_uri */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1791] OBJ_id_smime_spq_ets_sqt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1802] OBJ_id_smime_cti_ets_proofOfOrigin */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1813] OBJ_id_smime_cti_ets_proofOfReceipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1824] OBJ_id_smime_cti_ets_proofOfDelivery */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1835] OBJ_id_smime_cti_ets_proofOfSender */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1846] OBJ_id_smime_cti_ets_proofOfApproval */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1857] OBJ_id_smime_cti_ets_proofOfCreation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1868] OBJ_md4 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1876] OBJ_id_pkix_mod */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1883] OBJ_id_qt */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1890] OBJ_id_it */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1897] OBJ_id_pkip */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1904] OBJ_id_alg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1911] OBJ_id_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1918] OBJ_id_on */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1925] OBJ_id_pda */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1932] OBJ_id_aca */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1939] OBJ_id_qcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1946] OBJ_id_cct */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1953] OBJ_id_pkix1_explicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1961] OBJ_id_pkix1_implicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1969] OBJ_id_pkix1_explicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1977] OBJ_id_pkix1_implicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1985] OBJ_id_mod_crmf */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1993] OBJ_id_mod_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2001] OBJ_id_mod_kea_profile_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2009] OBJ_id_mod_kea_profile_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2017] OBJ_id_mod_cmp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2025] OBJ_id_mod_qualified_cert_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2033] OBJ_id_mod_qualified_cert_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2041] OBJ_id_mod_attribute_cert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2049] OBJ_id_mod_timestamp_protocol */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2057] OBJ_id_mod_ocsp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2065] OBJ_id_mod_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2073] OBJ_id_mod_cmp2000 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2081] OBJ_biometricInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2089] OBJ_qcStatements */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2097] OBJ_ac_auditEntity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2105] OBJ_ac_targeting */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2113] OBJ_aaControls */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2121] OBJ_sbgp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2129] OBJ_sbgp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2137] OBJ_sbgp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2145] OBJ_textNotice */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2153] OBJ_ipsecEndSystem */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2161] OBJ_ipsecTunnel */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2169] OBJ_ipsecUser */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2177] OBJ_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2185] OBJ_id_it_caProtEncCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2193] OBJ_id_it_signKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2201] OBJ_id_it_encKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2209] OBJ_id_it_preferredSymmAlg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2217] OBJ_id_it_caKeyUpdateInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2225] OBJ_id_it_currentCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2233] OBJ_id_it_unsupportedOIDs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2241] OBJ_id_it_subscriptionRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2249] OBJ_id_it_subscriptionResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2257] OBJ_id_it_keyPairParamReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2265] OBJ_id_it_keyPairParamRep */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2273] OBJ_id_it_revPassphrase */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2281] OBJ_id_it_implicitConfirm */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2289] OBJ_id_it_confirmWaitTime */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2297] OBJ_id_it_origPKIMessage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2305] OBJ_id_regCtrl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2313] OBJ_id_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2321] OBJ_id_regCtrl_regToken */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2330] OBJ_id_regCtrl_authenticator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2339] OBJ_id_regCtrl_pkiPublicationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2348] OBJ_id_regCtrl_pkiArchiveOptions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2357] OBJ_id_regCtrl_oldCertID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2366] OBJ_id_regCtrl_protocolEncrKey */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2375] OBJ_id_regInfo_utf8Pairs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2384] OBJ_id_regInfo_certReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2393] OBJ_id_alg_des40 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2401] OBJ_id_alg_noSignature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2409] OBJ_id_alg_dh_sig_hmac_sha1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2417] OBJ_id_alg_dh_pop */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2425] OBJ_id_cmc_statusInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2433] OBJ_id_cmc_identification */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2441] OBJ_id_cmc_identityProof */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2449] OBJ_id_cmc_dataReturn */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2457] OBJ_id_cmc_transactionId */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2465] OBJ_id_cmc_senderNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2473] OBJ_id_cmc_recipientNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2481] OBJ_id_cmc_addExtensions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2489] OBJ_id_cmc_encryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2497] OBJ_id_cmc_decryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2505] OBJ_id_cmc_lraPOPWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2513] OBJ_id_cmc_getCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2521] OBJ_id_cmc_getCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2529] OBJ_id_cmc_revokeRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2537] OBJ_id_cmc_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2545] OBJ_id_cmc_responseInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2553] OBJ_id_cmc_queryPending */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2561] OBJ_id_cmc_popLinkRandom */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2569] OBJ_id_cmc_popLinkWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2577] OBJ_id_cmc_confirmCertAcceptance */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2585] OBJ_id_on_personalData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2593] OBJ_id_pda_dateOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2601] OBJ_id_pda_placeOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2609] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2617] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2625] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2633] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2641] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2649] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2657] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2665] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2673] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2681] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2689] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2697] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2705] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2713] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2721] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2730] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2739] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2748] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2757] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2766] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2775] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2784] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2793] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2802] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2811] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02, /* [2820] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B, /* [2824] OBJ_rsaSignature */
+0x55,0x08, /* [2829] OBJ_X500algorithms */
+0x2B, /* [2831] OBJ_org */
+0x2B,0x06, /* [2832] OBJ_dod */
+0x2B,0x06,0x01, /* [2834] OBJ_iana */
+0x2B,0x06,0x01,0x01, /* [2837] OBJ_Directory */
+0x2B,0x06,0x01,0x02, /* [2841] OBJ_Management */
+0x2B,0x06,0x01,0x03, /* [2845] OBJ_Experimental */
+0x2B,0x06,0x01,0x04, /* [2849] OBJ_Private */
+0x2B,0x06,0x01,0x05, /* [2853] OBJ_Security */
+0x2B,0x06,0x01,0x06, /* [2857] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07, /* [2861] OBJ_Mail */
+0x2B,0x06,0x01,0x04,0x01, /* [2865] OBJ_Enterprises */
+0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2870] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2879] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2889] OBJ_Domain */
+0x00, /* [2899] OBJ_joint_iso_ccitt */
+0x55,0x01,0x05, /* [2900] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37, /* [2903] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2907] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2916] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2924] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2932] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48, /* [2940] OBJ_role */
+0x55,0x1D,0x24, /* [2943] OBJ_policy_constraints */
+0x55,0x1D,0x37, /* [2946] OBJ_target_information */
+0x55,0x1D,0x38, /* [2949] OBJ_no_rev_avail */
+0x00, /* [2952] OBJ_ccitt */
+0x2A,0x86,0x48,0xCE,0x3D, /* [2953] OBJ_ansi_X9_62 */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2958] OBJ_X9_62_prime_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2965] OBJ_X9_62_characteristic_two_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2972] OBJ_X9_62_id_ecPublicKey */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2979] OBJ_X9_62_prime192v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2987] OBJ_X9_62_prime192v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2995] OBJ_X9_62_prime192v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3003] OBJ_X9_62_prime239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3011] OBJ_X9_62_prime239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3019] OBJ_X9_62_prime239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3027] OBJ_X9_62_prime256v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3035] OBJ_ecdsa_with_SHA1 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */
+0x55,0x1D,0x17, /* [3159] OBJ_hold_instruction_code */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3162] OBJ_hold_instruction_none */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3169] OBJ_hold_instruction_call_issuer */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3176] OBJ_hold_instruction_reject */
+0x09, /* [3183] OBJ_data */
+0x09,0x92,0x26, /* [3184] OBJ_pss */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3187] OBJ_ucl */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3194] OBJ_pilot */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */
+0x55,0x04,0x2D, /* [3848] OBJ_x500UniqueIdentifier */
+0x2B,0x06,0x01,0x07,0x01, /* [3851] OBJ_mime_mhs */
+0x2B,0x06,0x01,0x07,0x01,0x01, /* [3856] OBJ_mime_mhs_headings */
+0x2B,0x06,0x01,0x07,0x01,0x02, /* [3862] OBJ_mime_mhs_bodies */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3868] OBJ_id_hex_partial_message */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3875] OBJ_id_hex_multipart_message */
+0x55,0x04,0x2C, /* [3882] OBJ_generationQualifier */
+0x55,0x04,0x41, /* [3885] OBJ_pseudonym */
+0x67,0x2A, /* [3888] OBJ_id_set */
+0x67,0x2A,0x00, /* [3890] OBJ_set_ctype */
+0x67,0x2A,0x01, /* [3893] OBJ_set_msgExt */
+0x67,0x2A,0x03, /* [3896] OBJ_set_attr */
+0x67,0x2A,0x05, /* [3899] OBJ_set_policy */
+0x67,0x2A,0x07, /* [3902] OBJ_set_certExt */
+0x67,0x2A,0x08, /* [3905] OBJ_set_brand */
+0x67,0x2A,0x00,0x00, /* [3908] OBJ_setct_PANData */
+0x67,0x2A,0x00,0x01, /* [3912] OBJ_setct_PANToken */
+0x67,0x2A,0x00,0x02, /* [3916] OBJ_setct_PANOnly */
+0x67,0x2A,0x00,0x03, /* [3920] OBJ_setct_OIData */
+0x67,0x2A,0x00,0x04, /* [3924] OBJ_setct_PI */
+0x67,0x2A,0x00,0x05, /* [3928] OBJ_setct_PIData */
+0x67,0x2A,0x00,0x06, /* [3932] OBJ_setct_PIDataUnsigned */
+0x67,0x2A,0x00,0x07, /* [3936] OBJ_setct_HODInput */
+0x67,0x2A,0x00,0x08, /* [3940] OBJ_setct_AuthResBaggage */
+0x67,0x2A,0x00,0x09, /* [3944] OBJ_setct_AuthRevReqBaggage */
+0x67,0x2A,0x00,0x0A, /* [3948] OBJ_setct_AuthRevResBaggage */
+0x67,0x2A,0x00,0x0B, /* [3952] OBJ_setct_CapTokenSeq */
+0x67,0x2A,0x00,0x0C, /* [3956] OBJ_setct_PInitResData */
+0x67,0x2A,0x00,0x0D, /* [3960] OBJ_setct_PI_TBS */
+0x67,0x2A,0x00,0x0E, /* [3964] OBJ_setct_PResData */
+0x67,0x2A,0x00,0x10, /* [3968] OBJ_setct_AuthReqTBS */
+0x67,0x2A,0x00,0x11, /* [3972] OBJ_setct_AuthResTBS */
+0x67,0x2A,0x00,0x12, /* [3976] OBJ_setct_AuthResTBSX */
+0x67,0x2A,0x00,0x13, /* [3980] OBJ_setct_AuthTokenTBS */
+0x67,0x2A,0x00,0x14, /* [3984] OBJ_setct_CapTokenData */
+0x67,0x2A,0x00,0x15, /* [3988] OBJ_setct_CapTokenTBS */
+0x67,0x2A,0x00,0x16, /* [3992] OBJ_setct_AcqCardCodeMsg */
+0x67,0x2A,0x00,0x17, /* [3996] OBJ_setct_AuthRevReqTBS */
+0x67,0x2A,0x00,0x18, /* [4000] OBJ_setct_AuthRevResData */
+0x67,0x2A,0x00,0x19, /* [4004] OBJ_setct_AuthRevResTBS */
+0x67,0x2A,0x00,0x1A, /* [4008] OBJ_setct_CapReqTBS */
+0x67,0x2A,0x00,0x1B, /* [4012] OBJ_setct_CapReqTBSX */
+0x67,0x2A,0x00,0x1C, /* [4016] OBJ_setct_CapResData */
+0x67,0x2A,0x00,0x1D, /* [4020] OBJ_setct_CapRevReqTBS */
+0x67,0x2A,0x00,0x1E, /* [4024] OBJ_setct_CapRevReqTBSX */
+0x67,0x2A,0x00,0x1F, /* [4028] OBJ_setct_CapRevResData */
+0x67,0x2A,0x00,0x20, /* [4032] OBJ_setct_CredReqTBS */
+0x67,0x2A,0x00,0x21, /* [4036] OBJ_setct_CredReqTBSX */
+0x67,0x2A,0x00,0x22, /* [4040] OBJ_setct_CredResData */
+0x67,0x2A,0x00,0x23, /* [4044] OBJ_setct_CredRevReqTBS */
+0x67,0x2A,0x00,0x24, /* [4048] OBJ_setct_CredRevReqTBSX */
+0x67,0x2A,0x00,0x25, /* [4052] OBJ_setct_CredRevResData */
+0x67,0x2A,0x00,0x26, /* [4056] OBJ_setct_PCertReqData */
+0x67,0x2A,0x00,0x27, /* [4060] OBJ_setct_PCertResTBS */
+0x67,0x2A,0x00,0x28, /* [4064] OBJ_setct_BatchAdminReqData */
+0x67,0x2A,0x00,0x29, /* [4068] OBJ_setct_BatchAdminResData */
+0x67,0x2A,0x00,0x2A, /* [4072] OBJ_setct_CardCInitResTBS */
+0x67,0x2A,0x00,0x2B, /* [4076] OBJ_setct_MeAqCInitResTBS */
+0x67,0x2A,0x00,0x2C, /* [4080] OBJ_setct_RegFormResTBS */
+0x67,0x2A,0x00,0x2D, /* [4084] OBJ_setct_CertReqData */
+0x67,0x2A,0x00,0x2E, /* [4088] OBJ_setct_CertReqTBS */
+0x67,0x2A,0x00,0x2F, /* [4092] OBJ_setct_CertResData */
+0x67,0x2A,0x00,0x30, /* [4096] OBJ_setct_CertInqReqTBS */
+0x67,0x2A,0x00,0x31, /* [4100] OBJ_setct_ErrorTBS */
+0x67,0x2A,0x00,0x32, /* [4104] OBJ_setct_PIDualSignedTBE */
+0x67,0x2A,0x00,0x33, /* [4108] OBJ_setct_PIUnsignedTBE */
+0x67,0x2A,0x00,0x34, /* [4112] OBJ_setct_AuthReqTBE */
+0x67,0x2A,0x00,0x35, /* [4116] OBJ_setct_AuthResTBE */
+0x67,0x2A,0x00,0x36, /* [4120] OBJ_setct_AuthResTBEX */
+0x67,0x2A,0x00,0x37, /* [4124] OBJ_setct_AuthTokenTBE */
+0x67,0x2A,0x00,0x38, /* [4128] OBJ_setct_CapTokenTBE */
+0x67,0x2A,0x00,0x39, /* [4132] OBJ_setct_CapTokenTBEX */
+0x67,0x2A,0x00,0x3A, /* [4136] OBJ_setct_AcqCardCodeMsgTBE */
+0x67,0x2A,0x00,0x3B, /* [4140] OBJ_setct_AuthRevReqTBE */
+0x67,0x2A,0x00,0x3C, /* [4144] OBJ_setct_AuthRevResTBE */
+0x67,0x2A,0x00,0x3D, /* [4148] OBJ_setct_AuthRevResTBEB */
+0x67,0x2A,0x00,0x3E, /* [4152] OBJ_setct_CapReqTBE */
+0x67,0x2A,0x00,0x3F, /* [4156] OBJ_setct_CapReqTBEX */
+0x67,0x2A,0x00,0x40, /* [4160] OBJ_setct_CapResTBE */
+0x67,0x2A,0x00,0x41, /* [4164] OBJ_setct_CapRevReqTBE */
+0x67,0x2A,0x00,0x42, /* [4168] OBJ_setct_CapRevReqTBEX */
+0x67,0x2A,0x00,0x43, /* [4172] OBJ_setct_CapRevResTBE */
+0x67,0x2A,0x00,0x44, /* [4176] OBJ_setct_CredReqTBE */
+0x67,0x2A,0x00,0x45, /* [4180] OBJ_setct_CredReqTBEX */
+0x67,0x2A,0x00,0x46, /* [4184] OBJ_setct_CredResTBE */
+0x67,0x2A,0x00,0x47, /* [4188] OBJ_setct_CredRevReqTBE */
+0x67,0x2A,0x00,0x48, /* [4192] OBJ_setct_CredRevReqTBEX */
+0x67,0x2A,0x00,0x49, /* [4196] OBJ_setct_CredRevResTBE */
+0x67,0x2A,0x00,0x4A, /* [4200] OBJ_setct_BatchAdminReqTBE */
+0x67,0x2A,0x00,0x4B, /* [4204] OBJ_setct_BatchAdminResTBE */
+0x67,0x2A,0x00,0x4C, /* [4208] OBJ_setct_RegFormReqTBE */
+0x67,0x2A,0x00,0x4D, /* [4212] OBJ_setct_CertReqTBE */
+0x67,0x2A,0x00,0x4E, /* [4216] OBJ_setct_CertReqTBEX */
+0x67,0x2A,0x00,0x4F, /* [4220] OBJ_setct_CertResTBE */
+0x67,0x2A,0x00,0x50, /* [4224] OBJ_setct_CRLNotificationTBS */
+0x67,0x2A,0x00,0x51, /* [4228] OBJ_setct_CRLNotificationResTBS */
+0x67,0x2A,0x00,0x52, /* [4232] OBJ_setct_BCIDistributionTBS */
+0x67,0x2A,0x01,0x01, /* [4236] OBJ_setext_genCrypt */
+0x67,0x2A,0x01,0x03, /* [4240] OBJ_setext_miAuth */
+0x67,0x2A,0x01,0x04, /* [4244] OBJ_setext_pinSecure */
+0x67,0x2A,0x01,0x05, /* [4248] OBJ_setext_pinAny */
+0x67,0x2A,0x01,0x07, /* [4252] OBJ_setext_track2 */
+0x67,0x2A,0x01,0x08, /* [4256] OBJ_setext_cv */
+0x67,0x2A,0x05,0x00, /* [4260] OBJ_set_policy_root */
+0x67,0x2A,0x07,0x00, /* [4264] OBJ_setCext_hashedRoot */
+0x67,0x2A,0x07,0x01, /* [4268] OBJ_setCext_certType */
+0x67,0x2A,0x07,0x02, /* [4272] OBJ_setCext_merchData */
+0x67,0x2A,0x07,0x03, /* [4276] OBJ_setCext_cCertRequired */
+0x67,0x2A,0x07,0x04, /* [4280] OBJ_setCext_tunneling */
+0x67,0x2A,0x07,0x05, /* [4284] OBJ_setCext_setExt */
+0x67,0x2A,0x07,0x06, /* [4288] OBJ_setCext_setQualf */
+0x67,0x2A,0x07,0x07, /* [4292] OBJ_setCext_PGWYcapabilities */
+0x67,0x2A,0x07,0x08, /* [4296] OBJ_setCext_TokenIdentifier */
+0x67,0x2A,0x07,0x09, /* [4300] OBJ_setCext_Track2Data */
+0x67,0x2A,0x07,0x0A, /* [4304] OBJ_setCext_TokenType */
+0x67,0x2A,0x07,0x0B, /* [4308] OBJ_setCext_IssuerCapabilities */
+0x67,0x2A,0x03,0x00, /* [4312] OBJ_setAttr_Cert */
+0x67,0x2A,0x03,0x01, /* [4316] OBJ_setAttr_PGWYcap */
+0x67,0x2A,0x03,0x02, /* [4320] OBJ_setAttr_TokenType */
+0x67,0x2A,0x03,0x03, /* [4324] OBJ_setAttr_IssCap */
+0x67,0x2A,0x03,0x00,0x00, /* [4328] OBJ_set_rootKeyThumb */
+0x67,0x2A,0x03,0x00,0x01, /* [4333] OBJ_set_addPolicy */
+0x67,0x2A,0x03,0x02,0x01, /* [4338] OBJ_setAttr_Token_EMV */
+0x67,0x2A,0x03,0x02,0x02, /* [4343] OBJ_setAttr_Token_B0Prime */
+0x67,0x2A,0x03,0x03,0x03, /* [4348] OBJ_setAttr_IssCap_CVM */
+0x67,0x2A,0x03,0x03,0x04, /* [4353] OBJ_setAttr_IssCap_T2 */
+0x67,0x2A,0x03,0x03,0x05, /* [4358] OBJ_setAttr_IssCap_Sig */
+0x67,0x2A,0x03,0x03,0x03,0x01, /* [4363] OBJ_setAttr_GenCryptgrm */
+0x67,0x2A,0x03,0x03,0x04,0x01, /* [4369] OBJ_setAttr_T2Enc */
+0x67,0x2A,0x03,0x03,0x04,0x02, /* [4375] OBJ_setAttr_T2cleartxt */
+0x67,0x2A,0x03,0x03,0x05,0x01, /* [4381] OBJ_setAttr_TokICCsig */
+0x67,0x2A,0x03,0x03,0x05,0x02, /* [4387] OBJ_setAttr_SecDevSig */
+0x67,0x2A,0x08,0x01, /* [4393] OBJ_set_brand_IATA_ATA */
+0x67,0x2A,0x08,0x1E, /* [4397] OBJ_set_brand_Diners */
+0x67,0x2A,0x08,0x22, /* [4401] OBJ_set_brand_AmericanExpress */
+0x67,0x2A,0x08,0x23, /* [4405] OBJ_set_brand_JCB */
+0x67,0x2A,0x08,0x04, /* [4409] OBJ_set_brand_Visa */
+0x67,0x2A,0x08,0x05, /* [4413] OBJ_set_brand_MasterCard */
+0x67,0x2A,0x08,0xAE,0x7B, /* [4417] OBJ_set_brand_Novus */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4422] OBJ_des_cdmf */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */
+0x00, /* [4439] OBJ_itu_t */
+0x50, /* [4440] OBJ_joint_iso_itu_t */
+0x67, /* [4441] OBJ_international_organizations */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4442] OBJ_ms_smartcard_login */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4452] OBJ_ms_upn */
+0x55,0x04,0x09, /* [4462] OBJ_streetAddress */
+0x55,0x04,0x11, /* [4465] OBJ_postalCode */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4468] OBJ_id_ppl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4475] OBJ_proxyCertInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4483] OBJ_id_ppl_anyLanguage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4491] OBJ_id_ppl_inheritAll */
+0x55,0x1D,0x1E, /* [4499] OBJ_name_constraints */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4502] OBJ_Independent */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4510] OBJ_sha256WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4519] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4528] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4537] OBJ_sha224WithRSAEncryption */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4546] OBJ_sha256 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4555] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4564] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4573] OBJ_sha224 */
+0x2B, /* [4582] OBJ_identified_organization */
+0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */
+0x67,0x2B, /* [4586] OBJ_wap */
+0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4617] OBJ_X9_62_ppBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4626] OBJ_X9_62_c2pnb163v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4634] OBJ_X9_62_c2pnb163v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4642] OBJ_X9_62_c2pnb163v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4650] OBJ_X9_62_c2pnb176v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4658] OBJ_X9_62_c2tnb191v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4666] OBJ_X9_62_c2tnb191v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4674] OBJ_X9_62_c2tnb191v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4682] OBJ_X9_62_c2onb191v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4690] OBJ_X9_62_c2onb191v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4698] OBJ_X9_62_c2pnb208w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4706] OBJ_X9_62_c2tnb239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4714] OBJ_X9_62_c2tnb239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4722] OBJ_X9_62_c2tnb239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4730] OBJ_X9_62_c2onb239v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4738] OBJ_X9_62_c2onb239v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4746] OBJ_X9_62_c2pnb272w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4754] OBJ_X9_62_c2pnb304w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4762] OBJ_X9_62_c2tnb359v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4770] OBJ_X9_62_c2pnb368w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4778] OBJ_X9_62_c2tnb431r1 */
+0x2B,0x81,0x04,0x00,0x06, /* [4786] OBJ_secp112r1 */
+0x2B,0x81,0x04,0x00,0x07, /* [4791] OBJ_secp112r2 */
+0x2B,0x81,0x04,0x00,0x1C, /* [4796] OBJ_secp128r1 */
+0x2B,0x81,0x04,0x00,0x1D, /* [4801] OBJ_secp128r2 */
+0x2B,0x81,0x04,0x00,0x09, /* [4806] OBJ_secp160k1 */
+0x2B,0x81,0x04,0x00,0x08, /* [4811] OBJ_secp160r1 */
+0x2B,0x81,0x04,0x00,0x1E, /* [4816] OBJ_secp160r2 */
+0x2B,0x81,0x04,0x00,0x1F, /* [4821] OBJ_secp192k1 */
+0x2B,0x81,0x04,0x00,0x20, /* [4826] OBJ_secp224k1 */
+0x2B,0x81,0x04,0x00,0x21, /* [4831] OBJ_secp224r1 */
+0x2B,0x81,0x04,0x00,0x0A, /* [4836] OBJ_secp256k1 */
+0x2B,0x81,0x04,0x00,0x22, /* [4841] OBJ_secp384r1 */
+0x2B,0x81,0x04,0x00,0x23, /* [4846] OBJ_secp521r1 */
+0x2B,0x81,0x04,0x00,0x04, /* [4851] OBJ_sect113r1 */
+0x2B,0x81,0x04,0x00,0x05, /* [4856] OBJ_sect113r2 */
+0x2B,0x81,0x04,0x00,0x16, /* [4861] OBJ_sect131r1 */
+0x2B,0x81,0x04,0x00,0x17, /* [4866] OBJ_sect131r2 */
+0x2B,0x81,0x04,0x00,0x01, /* [4871] OBJ_sect163k1 */
+0x2B,0x81,0x04,0x00,0x02, /* [4876] OBJ_sect163r1 */
+0x2B,0x81,0x04,0x00,0x0F, /* [4881] OBJ_sect163r2 */
+0x2B,0x81,0x04,0x00,0x18, /* [4886] OBJ_sect193r1 */
+0x2B,0x81,0x04,0x00,0x19, /* [4891] OBJ_sect193r2 */
+0x2B,0x81,0x04,0x00,0x1A, /* [4896] OBJ_sect233k1 */
+0x2B,0x81,0x04,0x00,0x1B, /* [4901] OBJ_sect233r1 */
+0x2B,0x81,0x04,0x00,0x03, /* [4906] OBJ_sect239k1 */
+0x2B,0x81,0x04,0x00,0x10, /* [4911] OBJ_sect283k1 */
+0x2B,0x81,0x04,0x00,0x11, /* [4916] OBJ_sect283r1 */
+0x2B,0x81,0x04,0x00,0x24, /* [4921] OBJ_sect409k1 */
+0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */
+0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */
+0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */
+0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */
+0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */
+0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */
+0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */
+0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */
+0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */
+0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */
+0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */
+0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */
+0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */
+0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */
+0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */
+0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */
+0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5006] OBJ_camellia_128_cbc */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5017] OBJ_camellia_192_cbc */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5028] OBJ_camellia_256_cbc */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5039] OBJ_camellia_128_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5047] OBJ_camellia_192_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5055] OBJ_camellia_256_ecb */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5063] OBJ_camellia_128_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5071] OBJ_camellia_192_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5079] OBJ_camellia_256_cfb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5087] OBJ_camellia_128_ofb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5095] OBJ_camellia_192_ofb128 */
+0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5103] OBJ_camellia_256_ofb128 */
+0x55,0x1D,0x09, /* [5111] OBJ_subject_directory_attributes */
+0x55,0x1D,0x1C, /* [5114] OBJ_issuing_distribution_point */
+0x55,0x1D,0x1D, /* [5117] OBJ_certificate_issuer */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5120] OBJ_kisa */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5126] OBJ_seed_ecb */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5134] OBJ_seed_cbc */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5142] OBJ_seed_ofb128 */
+0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5150] OBJ_seed_cfb128 */
+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5158] OBJ_hmac_md5 */
+0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5166] OBJ_hmac_sha1 */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5174] OBJ_id_PasswordBasedMAC */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5183] OBJ_id_DHBasedMac */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5192] OBJ_id_it_suppLangTags */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5200] OBJ_caRepository */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5208] OBJ_id_smime_ct_compressedData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5219] OBJ_id_ct_asciiTextWithCRLF */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5230] OBJ_id_aes128_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5239] OBJ_id_aes192_wrap */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5248] OBJ_id_aes256_wrap */
};
static ASN1_OBJECT nid_objs[NUM_NID]={
{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[623]),0},
{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
- &(lvalues[629]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},
+ &(lvalues[634]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[637]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[643]),0},
{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
- &(lvalues[645]),0},
+ &(lvalues[650]),0},
{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
- &(lvalues[653]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},
+ &(lvalues[658]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[666]),0},
{"emailProtection","E-mail Protection",NID_email_protect,8,
- &(lvalues[669]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},
+ &(lvalues[674]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0},
{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
- &(lvalues[685]),0},
+ &(lvalues[690]),0},
{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
- &(lvalues[695]),0},
+ &(lvalues[700]),0},
{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
- &(lvalues[705]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},
+ &(lvalues[710]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[720]),0},
{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
- &(lvalues[725]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},
+ &(lvalues[730]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[740]),0},
{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
- &(lvalues[744]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},
+ &(lvalues[749]),0},
+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[752]),0},
{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
- &(lvalues[750]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},
+ &(lvalues[755]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[758]),0},
{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
- NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},
+ NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[763]),0},
{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
- NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},
+ NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[773]),0},
{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
- NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},
+ NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[783]),0},
{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
- NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},
+ NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[793]),0},
{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
- NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},
+ NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[803]),0},
{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
- NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},
+ NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[813]),0},
+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[823]),0},
{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
- 11,&(lvalues[829]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},
+ 11,&(lvalues[834]),0},
+{"certBag","certBag",NID_certBag,11,&(lvalues[845]),0},
+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[856]),0},
+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[867]),0},
{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
- &(lvalues[873]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},
+ &(lvalues[878]),0},
+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[889]),0},
+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[898]),0},
{"x509Certificate","x509Certificate",NID_x509Certificate,10,
- &(lvalues[902]),0},
+ &(lvalues[907]),0},
{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
- &(lvalues[912]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
+ &(lvalues[917]),0},
+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[927]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[937]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[946]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[955]),0},
+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[963]),0},
{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
- &(lvalues[966]),0},
+ &(lvalues[971]),0},
{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
- &(lvalues[974]),0},
+ &(lvalues[979]),0},
{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
- &(lvalues[983]),0},
+ &(lvalues[988]),0},
{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
- &(lvalues[992]),0},
+ &(lvalues[997]),0},
{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
- &(lvalues[1001]),0},
+ &(lvalues[1006]),0},
{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
- &(lvalues[1010]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},
-{"name","name",NID_name,3,&(lvalues[1029]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},
+ &(lvalues[1015]),0},
+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1025]),0},
+{"name","name",NID_name,3,&(lvalues[1034]),0},
+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1037]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1040]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1047]),0},
{"authorityInfoAccess","Authority Information Access",NID_info_access,
- 8,&(lvalues[1049]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},
-{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},
+ 8,&(lvalues[1054]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1062]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1070]),0},
+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1078]),0},
+{"ISO","iso",NID_iso,1,&(lvalues[1086]),0},
+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1087]),0},
+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1088]),0},
+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1091]),0},
+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1096]),0},
+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1102]),0},
+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1110]),0},
+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1118]),0},
+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1127]),0},
+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1137]),0},
+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1147]),0},
+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1157]),0},
+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1167]),0},
+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1177]),0},
+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1187]),0},
{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
- &(lvalues[1192]),0},
+ &(lvalues[1197]),0},
{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
- &(lvalues[1203]),0},
+ &(lvalues[1208]),0},
{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
- &(lvalues[1214]),0},
+ &(lvalues[1219]),0},
{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
- 11,&(lvalues[1225]),0},
+ 11,&(lvalues[1230]),0},
{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
- NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},
+ NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1241]),0},
{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
- NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},
+ NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1252]),0},
{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
- NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},
+ NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1263]),0},
{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
- NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},
+ NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1274]),0},
{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
- 11,&(lvalues[1280]),0},
+ 11,&(lvalues[1285]),0},
{"id-smime-ct-authData","id-smime-ct-authData",
- NID_id_smime_ct_authData,11,&(lvalues[1291]),0},
+ NID_id_smime_ct_authData,11,&(lvalues[1296]),0},
{"id-smime-ct-publishCert","id-smime-ct-publishCert",
- NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},
+ NID_id_smime_ct_publishCert,11,&(lvalues[1307]),0},
{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
- 11,&(lvalues[1313]),0},
+ 11,&(lvalues[1318]),0},
{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
- 11,&(lvalues[1324]),0},
+ 11,&(lvalues[1329]),0},
{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
- NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},
+ NID_id_smime_ct_contentInfo,11,&(lvalues[1340]),0},
{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
- NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},
+ NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1351]),0},
{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
- NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},
+ NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1362]),0},
{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
- NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},
+ NID_id_smime_aa_receiptRequest,11,&(lvalues[1373]),0},
{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
- NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},
+ NID_id_smime_aa_securityLabel,11,&(lvalues[1384]),0},
{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
- NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},
+ NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1395]),0},
{"id-smime-aa-contentHint","id-smime-aa-contentHint",
- NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},
+ NID_id_smime_aa_contentHint,11,&(lvalues[1406]),0},
{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
- NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},
+ NID_id_smime_aa_msgSigDigest,11,&(lvalues[1417]),0},
{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
- NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},
+ NID_id_smime_aa_encapContentType,11,&(lvalues[1428]),0},
{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
- NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},
+ NID_id_smime_aa_contentIdentifier,11,&(lvalues[1439]),0},
{"id-smime-aa-macValue","id-smime-aa-macValue",
- NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},
+ NID_id_smime_aa_macValue,11,&(lvalues[1450]),0},
{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
- NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},
+ NID_id_smime_aa_equivalentLabels,11,&(lvalues[1461]),0},
{"id-smime-aa-contentReference","id-smime-aa-contentReference",
- NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},
+ NID_id_smime_aa_contentReference,11,&(lvalues[1472]),0},
{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
- NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},
+ NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1483]),0},
{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
- NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},
+ NID_id_smime_aa_signingCertificate,11,&(lvalues[1494]),0},
{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
- NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},
+ NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1505]),0},
{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
- NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},
+ NID_id_smime_aa_timeStampToken,11,&(lvalues[1516]),0},
{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
- NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},
+ NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1527]),0},
{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
- NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},
+ NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1538]),0},
{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
- NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},
+ NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1549]),0},
{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
- NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},
+ NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1560]),0},
{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
- NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},
+ NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1571]),0},
{"id-smime-aa-ets-contentTimestamp",
"id-smime-aa-ets-contentTimestamp",
- NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},
+ NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1582]),0},
{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
- NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},
+ NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1593]),0},
{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
- NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},
+ NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1604]),0},
{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
- NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},
+ NID_id_smime_aa_ets_certValues,11,&(lvalues[1615]),0},
{"id-smime-aa-ets-revocationValues",
"id-smime-aa-ets-revocationValues",
- NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},
+ NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1626]),0},
{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
- NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},
+ NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1637]),0},
{"id-smime-aa-ets-certCRLTimestamp",
"id-smime-aa-ets-certCRLTimestamp",
- NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},
+ NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1648]),0},
{"id-smime-aa-ets-archiveTimeStamp",
"id-smime-aa-ets-archiveTimeStamp",
- NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},
+ NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1659]),0},
{"id-smime-aa-signatureType","id-smime-aa-signatureType",
- NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},
+ NID_id_smime_aa_signatureType,11,&(lvalues[1670]),0},
{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
- NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},
+ NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1681]),0},
{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
- NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},
+ NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1692]),0},
{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
- NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},
+ NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1703]),0},
{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
- NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},
+ NID_id_smime_alg_3DESwrap,11,&(lvalues[1714]),0},
{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
- NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},
+ NID_id_smime_alg_RC2wrap,11,&(lvalues[1725]),0},
{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
- &(lvalues[1731]),0},
+ &(lvalues[1736]),0},
{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
- NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},
+ NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1747]),0},
{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
- NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},
+ NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1758]),0},
{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
- &(lvalues[1764]),0},
+ &(lvalues[1769]),0},
{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
- NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},
+ NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1780]),0},
{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
- NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},
+ NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1791]),0},
{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
- NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},
+ NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1802]),0},
{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
- NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},
+ NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1813]),0},
{"id-smime-cti-ets-proofOfDelivery",
"id-smime-cti-ets-proofOfDelivery",
- NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},
+ NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1824]),0},
{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
- NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},
+ NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1835]),0},
{"id-smime-cti-ets-proofOfApproval",
"id-smime-cti-ets-proofOfApproval",
- NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},
+ NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1846]),0},
{"id-smime-cti-ets-proofOfCreation",
"id-smime-cti-ets-proofOfCreation",
- NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},
+ NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1857]),0},
+{"MD4","md4",NID_md4,8,&(lvalues[1868]),0},
+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1876]),0},
+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1883]),0},
+{"id-it","id-it",NID_id_it,7,&(lvalues[1890]),0},
+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1897]),0},
+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1904]),0},
+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1911]),0},
+{"id-on","id-on",NID_id_on,7,&(lvalues[1918]),0},
+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1925]),0},
+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1932]),0},
+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1939]),0},
+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1946]),0},
{"id-pkix1-explicit-88","id-pkix1-explicit-88",
- NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},
+ NID_id_pkix1_explicit_88,8,&(lvalues[1953]),0},
{"id-pkix1-implicit-88","id-pkix1-implicit-88",
- NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},
+ NID_id_pkix1_implicit_88,8,&(lvalues[1961]),0},
{"id-pkix1-explicit-93","id-pkix1-explicit-93",
- NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},
+ NID_id_pkix1_explicit_93,8,&(lvalues[1969]),0},
{"id-pkix1-implicit-93","id-pkix1-implicit-93",
- NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},
+ NID_id_pkix1_implicit_93,8,&(lvalues[1977]),0},
+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1985]),0},
+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1993]),0},
{"id-mod-kea-profile-88","id-mod-kea-profile-88",
- NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},
+ NID_id_mod_kea_profile_88,8,&(lvalues[2001]),0},
{"id-mod-kea-profile-93","id-mod-kea-profile-93",
- NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},
+ NID_id_mod_kea_profile_93,8,&(lvalues[2009]),0},
+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2017]),0},
{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
- NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},
+ NID_id_mod_qualified_cert_88,8,&(lvalues[2025]),0},
{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
- NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},
+ NID_id_mod_qualified_cert_93,8,&(lvalues[2033]),0},
{"id-mod-attribute-cert","id-mod-attribute-cert",
- NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},
+ NID_id_mod_attribute_cert,8,&(lvalues[2041]),0},
{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
- NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},
+ NID_id_mod_timestamp_protocol,8,&(lvalues[2049]),0},
+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2057]),0},
+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2065]),0},
{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
- &(lvalues[2068]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},
+ &(lvalues[2073]),0},
+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2081]),0},
+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2089]),0},
{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
- &(lvalues[2092]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
+ &(lvalues[2097]),0},
+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2105]),0},
+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2113]),0},
{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
- &(lvalues[2116]),0},
+ &(lvalues[2121]),0},
{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
- NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
+ NID_sbgp_autonomousSysNum,8,&(lvalues[2129]),0},
{"sbgp-routerIdentifier","sbgp-routerIdentifier",
- NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
+ NID_sbgp_routerIdentifier,8,&(lvalues[2137]),0},
+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2145]),0},
{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
- &(lvalues[2148]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},
+ &(lvalues[2153]),0},
+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2161]),0},
+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2169]),0},
+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2177]),0},
{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
- 8,&(lvalues[2180]),0},
+ 8,&(lvalues[2185]),0},
{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
- NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},
+ NID_id_it_signKeyPairTypes,8,&(lvalues[2193]),0},
{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
- NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},
+ NID_id_it_encKeyPairTypes,8,&(lvalues[2201]),0},
{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
- NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},
+ NID_id_it_preferredSymmAlg,8,&(lvalues[2209]),0},
{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
- NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},
+ NID_id_it_caKeyUpdateInfo,8,&(lvalues[2217]),0},
{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
- &(lvalues[2220]),0},
+ &(lvalues[2225]),0},
{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
- NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},
+ NID_id_it_unsupportedOIDs,8,&(lvalues[2233]),0},
{"id-it-subscriptionRequest","id-it-subscriptionRequest",
- NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},
+ NID_id_it_subscriptionRequest,8,&(lvalues[2241]),0},
{"id-it-subscriptionResponse","id-it-subscriptionResponse",
- NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},
+ NID_id_it_subscriptionResponse,8,&(lvalues[2249]),0},
{"id-it-keyPairParamReq","id-it-keyPairParamReq",
- NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},
+ NID_id_it_keyPairParamReq,8,&(lvalues[2257]),0},
{"id-it-keyPairParamRep","id-it-keyPairParamRep",
- NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},
+ NID_id_it_keyPairParamRep,8,&(lvalues[2265]),0},
{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
- 8,&(lvalues[2268]),0},
+ 8,&(lvalues[2273]),0},
{"id-it-implicitConfirm","id-it-implicitConfirm",
- NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},
+ NID_id_it_implicitConfirm,8,&(lvalues[2281]),0},
{"id-it-confirmWaitTime","id-it-confirmWaitTime",
- NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},
+ NID_id_it_confirmWaitTime,8,&(lvalues[2289]),0},
{"id-it-origPKIMessage","id-it-origPKIMessage",
- NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},
+ NID_id_it_origPKIMessage,8,&(lvalues[2297]),0},
+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2305]),0},
+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2313]),0},
{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
- 9,&(lvalues[2316]),0},
+ 9,&(lvalues[2321]),0},
{"id-regCtrl-authenticator","id-regCtrl-authenticator",
- NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},
+ NID_id_regCtrl_authenticator,9,&(lvalues[2330]),0},
{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
- NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},
+ NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2339]),0},
{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
- NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},
+ NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2348]),0},
{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
- NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},
+ NID_id_regCtrl_oldCertID,9,&(lvalues[2357]),0},
{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
- NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},
+ NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2366]),0},
{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
- NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},
+ NID_id_regInfo_utf8Pairs,9,&(lvalues[2375]),0},
{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
- &(lvalues[2379]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},
+ &(lvalues[2384]),0},
+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2393]),0},
{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
- &(lvalues[2396]),0},
+ &(lvalues[2401]),0},
{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
- NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},
+ NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2409]),0},
+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2417]),0},
{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
- &(lvalues[2420]),0},
+ &(lvalues[2425]),0},
{"id-cmc-identification","id-cmc-identification",
- NID_id_cmc_identification,8,&(lvalues[2428]),0},
+ NID_id_cmc_identification,8,&(lvalues[2433]),0},
{"id-cmc-identityProof","id-cmc-identityProof",
- NID_id_cmc_identityProof,8,&(lvalues[2436]),0},
+ NID_id_cmc_identityProof,8,&(lvalues[2441]),0},
{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
- &(lvalues[2444]),0},
+ &(lvalues[2449]),0},
{"id-cmc-transactionId","id-cmc-transactionId",
- NID_id_cmc_transactionId,8,&(lvalues[2452]),0},
+ NID_id_cmc_transactionId,8,&(lvalues[2457]),0},
{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
- &(lvalues[2460]),0},
+ &(lvalues[2465]),0},
{"id-cmc-recipientNonce","id-cmc-recipientNonce",
- NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},
+ NID_id_cmc_recipientNonce,8,&(lvalues[2473]),0},
{"id-cmc-addExtensions","id-cmc-addExtensions",
- NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},
+ NID_id_cmc_addExtensions,8,&(lvalues[2481]),0},
{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
- 8,&(lvalues[2484]),0},
+ 8,&(lvalues[2489]),0},
{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
- 8,&(lvalues[2492]),0},
+ 8,&(lvalues[2497]),0},
{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
- NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},
+ NID_id_cmc_lraPOPWitness,8,&(lvalues[2505]),0},
{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
- &(lvalues[2508]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},
+ &(lvalues[2513]),0},
+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2521]),0},
{"id-cmc-revokeRequest","id-cmc-revokeRequest",
- NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},
+ NID_id_cmc_revokeRequest,8,&(lvalues[2529]),0},
{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
- &(lvalues[2532]),0},
+ &(lvalues[2537]),0},
{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
- 8,&(lvalues[2540]),0},
+ 8,&(lvalues[2545]),0},
{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
- 8,&(lvalues[2548]),0},
+ 8,&(lvalues[2553]),0},
{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
- NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},
+ NID_id_cmc_popLinkRandom,8,&(lvalues[2561]),0},
{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
- NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},
+ NID_id_cmc_popLinkWitness,8,&(lvalues[2569]),0},
{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
- NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},
+ NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2577]),0},
{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
- &(lvalues[2580]),0},
+ &(lvalues[2585]),0},
{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
- &(lvalues[2588]),0},
+ &(lvalues[2593]),0},
{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
- 8,&(lvalues[2596]),0},
+ 8,&(lvalues[2601]),0},
{NULL,NULL,NID_undef,0,NULL,0},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2609]),0},
{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
- NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
+ NID_id_pda_countryOfCitizenship,8,&(lvalues[2617]),0},
{"id-pda-countryOfResidence","id-pda-countryOfResidence",
- NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},
+ NID_id_pda_countryOfResidence,8,&(lvalues[2625]),0},
{"id-aca-authenticationInfo","id-aca-authenticationInfo",
- NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},
+ NID_id_aca_authenticationInfo,8,&(lvalues[2633]),0},
{"id-aca-accessIdentity","id-aca-accessIdentity",
- NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},
+ NID_id_aca_accessIdentity,8,&(lvalues[2641]),0},
{"id-aca-chargingIdentity","id-aca-chargingIdentity",
- NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},
+ NID_id_aca_chargingIdentity,8,&(lvalues[2649]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2657]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2665]),0},
{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
- NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},
+ NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2673]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2681]),0},
{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
- &(lvalues[2684]),0},
+ &(lvalues[2689]),0},
{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
- &(lvalues[2692]),0},
+ &(lvalues[2697]),0},
{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
- &(lvalues[2700]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},
+ &(lvalues[2705]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2713]),0},
{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
- &(lvalues[2716]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},
+ &(lvalues[2721]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2730]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2739]),0},
{"acceptableResponses","Acceptable OCSP Responses",
- NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},
+ NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2748]),0},
+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2757]),0},
{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
- 9,&(lvalues[2761]),0},
+ 9,&(lvalues[2766]),0},
{"serviceLocator","OCSP Service Locator",
- NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},
+ NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2775]),0},
{"extendedStatus","Extended OCSP Status",
- NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},
+ NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2784]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2793]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2802]),0},
{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
- &(lvalues[2806]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},
+ &(lvalues[2811]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2820]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2824]),0},
{"X500algorithms","directory services - algorithms",
- NID_X500algorithms,2,&(lvalues[2824]),0},
-{"ORG","org",NID_org,1,&(lvalues[2826]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},
-{"private","Private",NID_Private,4,&(lvalues[2844]),0},
-{"security","Security",NID_Security,4,&(lvalues[2848]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},
-{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2894]),0},
+ NID_X500algorithms,2,&(lvalues[2829]),0},
+{"ORG","org",NID_org,1,&(lvalues[2831]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2832]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2834]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2837]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2841]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2845]),0},
+{"private","Private",NID_Private,4,&(lvalues[2849]),0},
+{"security","Security",NID_Security,4,&(lvalues[2853]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2857]),0},
+{"Mail","Mail",NID_Mail,4,&(lvalues[2861]),0},
+{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2865]),0},
+{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2870]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2879]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2889]),0},
+{"NULL","NULL",NID_joint_iso_ccitt,1,&(lvalues[2899]),0},
{"selected-attribute-types","Selected Attribute Types",
- NID_selected_attribute_types,3,&(lvalues[2895]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},
+ NID_selected_attribute_types,3,&(lvalues[2900]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2903]),0},
{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
- &(lvalues[2902]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},
+ &(lvalues[2907]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2916]),0},
{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
- &(lvalues[2919]),0},
+ &(lvalues[2924]),0},
{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
- &(lvalues[2927]),0},
-{"role","role",NID_role,3,&(lvalues[2935]),0},
+ &(lvalues[2932]),0},
+{"role","role",NID_role,3,&(lvalues[2940]),0},
{"policyConstraints","X509v3 Policy Constraints",
- NID_policy_constraints,3,&(lvalues[2938]),0},
+ NID_policy_constraints,3,&(lvalues[2943]),0},
{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
- &(lvalues[2941]),0},
+ &(lvalues[2946]),0},
{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
- &(lvalues[2944]),0},
-{"NULL","NULL",NID_ccitt,1,&(lvalues[2947]),0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},
+ &(lvalues[2949]),0},
+{"NULL","NULL",NID_ccitt,1,&(lvalues[2952]),0},
+{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0},
+{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0},
{"characteristic-two-field","characteristic-two-field",
- NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},
+ NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0},
{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
- &(lvalues[2967]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},
+ &(lvalues[2972]),0},
+{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0},
+{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0},
+{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0},
+{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0},
+{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0},
+{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0},
+{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0},
{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
- &(lvalues[3030]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},
+ &(lvalues[3035]),0},
+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0},
+{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0},
+{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0},
+{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0},
+{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0},
+{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0},
+{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0},
+{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0},
+{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0},
+{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0},
+{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0},
+{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0},
+{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0},
{"holdInstructionCode","Hold Instruction Code",
- NID_hold_instruction_code,3,&(lvalues[3154]),0},
+ NID_hold_instruction_code,3,&(lvalues[3159]),0},
{"holdInstructionNone","Hold Instruction None",
- NID_hold_instruction_none,7,&(lvalues[3157]),0},
+ NID_hold_instruction_none,7,&(lvalues[3162]),0},
{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
- NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},
+ NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0},
{"holdInstructionReject","Hold Instruction Reject",
- NID_hold_instruction_reject,7,&(lvalues[3171]),0},
-{"data","data",NID_data,1,&(lvalues[3178]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3179]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},
+ NID_hold_instruction_reject,7,&(lvalues[3176]),0},
+{"data","data",NID_data,1,&(lvalues[3183]),0},
+{"pss","pss",NID_pss,3,&(lvalues[3184]),0},
+{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0},
+{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0},
{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
- &(lvalues[3197]),0},
+ &(lvalues[3202]),0},
{"pilotAttributeSyntax","pilotAttributeSyntax",
- NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},
+ NID_pilotAttributeSyntax,9,&(lvalues[3211]),0},
{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
- &(lvalues[3215]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},
+ &(lvalues[3220]),0},
+{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0},
{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
- &(lvalues[3233]),0},
+ &(lvalues[3238]),0},
{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
- NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},
-{"account","account",NID_account,10,&(lvalues[3273]),0},
-{"document","document",NID_document,10,&(lvalues[3283]),0},
-{"room","room",NID_room,10,&(lvalues[3293]),0},
+ NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0},
+{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0},
+{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0},
+{"account","account",NID_account,10,&(lvalues[3278]),0},
+{"document","document",NID_document,10,&(lvalues[3288]),0},
+{"room","room",NID_room,10,&(lvalues[3298]),0},
{"documentSeries","documentSeries",NID_documentSeries,10,
- &(lvalues[3303]),0},
+ &(lvalues[3308]),0},
{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
- &(lvalues[3313]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},
+ &(lvalues[3318]),0},
+{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0},
{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
- 10,&(lvalues[3333]),0},
+ 10,&(lvalues[3338]),0},
{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
- &(lvalues[3343]),0},
+ &(lvalues[3348]),0},
{"simpleSecurityObject","simpleSecurityObject",
- NID_simpleSecurityObject,10,&(lvalues[3353]),0},
+ NID_simpleSecurityObject,10,&(lvalues[3358]),0},
{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
- &(lvalues[3363]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},
+ &(lvalues[3368]),0},
+{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0},
{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
- 10,&(lvalues[3383]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3393]),0},
+ 10,&(lvalues[3388]),0},
+{"UID","userId",NID_userId,10,&(lvalues[3398]),0},
{"textEncodedORAddress","textEncodedORAddress",
- NID_textEncodedORAddress,10,&(lvalues[3403]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},
-{"info","info",NID_info,10,&(lvalues[3423]),0},
+ NID_textEncodedORAddress,10,&(lvalues[3408]),0},
+{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0},
+{"info","info",NID_info,10,&(lvalues[3428]),0},
{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
- &(lvalues[3433]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3453]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},
-{"host","host",NID_host,10,&(lvalues[3473]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3483]),0},
+ &(lvalues[3438]),0},
+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0},
+{"photo","photo",NID_photo,10,&(lvalues[3458]),0},
+{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0},
+{"host","host",NID_host,10,&(lvalues[3478]),0},
+{"manager","manager",NID_manager,10,&(lvalues[3488]),0},
{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
- &(lvalues[3493]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},
+ &(lvalues[3498]),0},
+{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0},
{"documentVersion","documentVersion",NID_documentVersion,10,
- &(lvalues[3513]),0},
+ &(lvalues[3518]),0},
{"documentAuthor","documentAuthor",NID_documentAuthor,10,
- &(lvalues[3523]),0},
+ &(lvalues[3528]),0},
{"documentLocation","documentLocation",NID_documentLocation,10,
- &(lvalues[3533]),0},
+ &(lvalues[3538]),0},
{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
- 10,&(lvalues[3543]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},
+ 10,&(lvalues[3548]),0},
+{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0},
+{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0},
{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
- &(lvalues[3573]),0},
+ &(lvalues[3578]),0},
{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
- &(lvalues[3583]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},
+ &(lvalues[3588]),0},
+{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0},
{"pilotAttributeType27","pilotAttributeType27",
- NID_pilotAttributeType27,10,&(lvalues[3603]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},
+ NID_pilotAttributeType27,10,&(lvalues[3608]),0},
+{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0},
+{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0},
+{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0},
+{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0},
{"associatedDomain","associatedDomain",NID_associatedDomain,10,
- &(lvalues[3653]),0},
+ &(lvalues[3658]),0},
{"associatedName","associatedName",NID_associatedName,10,
- &(lvalues[3663]),0},
+ &(lvalues[3668]),0},
{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
- &(lvalues[3673]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},
+ &(lvalues[3678]),0},
+{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0},
{"mobileTelephoneNumber","mobileTelephoneNumber",
- NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},
+ NID_mobileTelephoneNumber,10,&(lvalues[3698]),0},
{"pagerTelephoneNumber","pagerTelephoneNumber",
- NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},
+ NID_pagerTelephoneNumber,10,&(lvalues[3708]),0},
{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
- 10,&(lvalues[3713]),0},
+ 10,&(lvalues[3718]),0},
{"organizationalStatus","organizationalStatus",
- NID_organizationalStatus,10,&(lvalues[3723]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},
+ NID_organizationalStatus,10,&(lvalues[3728]),0},
+{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0},
{"mailPreferenceOption","mailPreferenceOption",
- NID_mailPreferenceOption,10,&(lvalues[3743]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},
+ NID_mailPreferenceOption,10,&(lvalues[3748]),0},
+{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0},
+{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0},
{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
- &(lvalues[3773]),0},
+ &(lvalues[3778]),0},
{"subtreeMinimumQuality","subtreeMinimumQuality",
- NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},
+ NID_subtreeMinimumQuality,10,&(lvalues[3788]),0},
{"subtreeMaximumQuality","subtreeMaximumQuality",
- NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},
+ NID_subtreeMaximumQuality,10,&(lvalues[3798]),0},
{"personalSignature","personalSignature",NID_personalSignature,10,
- &(lvalues[3803]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3823]),0},
+ &(lvalues[3808]),0},
+{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0},
+{"audio","audio",NID_audio,10,&(lvalues[3828]),0},
{"documentPublisher","documentPublisher",NID_documentPublisher,10,
- &(lvalues[3833]),0},
+ &(lvalues[3838]),0},
{"x500UniqueIdentifier","x500UniqueIdentifier",
- NID_x500UniqueIdentifier,3,&(lvalues[3843]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3846]),0},
+ NID_x500UniqueIdentifier,3,&(lvalues[3848]),0},
+{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0},
{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
- &(lvalues[3851]),0},
+ &(lvalues[3856]),0},
{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
- &(lvalues[3857]),0},
+ &(lvalues[3862]),0},
{"id-hex-partial-message","id-hex-partial-message",
- NID_id_hex_partial_message,7,&(lvalues[3863]),0},
+ NID_id_hex_partial_message,7,&(lvalues[3868]),0},
{"id-hex-multipart-message","id-hex-multipart-message",
- NID_id_hex_multipart_message,7,&(lvalues[3870]),0},
+ NID_id_hex_multipart_message,7,&(lvalues[3875]),0},
{"generationQualifier","generationQualifier",NID_generationQualifier,
- 3,&(lvalues[3877]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0},
+ 3,&(lvalues[3882]),0},
+{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0},
{NULL,NULL,NID_undef,0,NULL,0},
{"id-set","Secure Electronic Transactions",NID_id_set,2,
- &(lvalues[3883]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0},
+ &(lvalues[3888]),0},
+{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0},
+{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0},
+{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0},
+{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0},
{"set-certExt","certificate extensions",NID_set_certExt,3,
- &(lvalues[3897]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0},
+ &(lvalues[3902]),0},
+{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0},
+{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0},
{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
- &(lvalues[3907]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0},
+ &(lvalues[3912]),0},
+{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0},
+{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0},
+{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0},
+{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0},
{"setct-PIDataUnsigned","setct-PIDataUnsigned",
- NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0},
+ NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0},
{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
- &(lvalues[3931]),0},
+ &(lvalues[3936]),0},
{"setct-AuthResBaggage","setct-AuthResBaggage",
- NID_setct_AuthResBaggage,4,&(lvalues[3935]),0},
+ NID_setct_AuthResBaggage,4,&(lvalues[3940]),0},
{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
- NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0},
+ NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0},
{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
- NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0},
+ NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0},
{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
- &(lvalues[3947]),0},
+ &(lvalues[3952]),0},
{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
- &(lvalues[3951]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0},
+ &(lvalues[3956]),0},
+{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0},
{"setct-PResData","setct-PResData",NID_setct_PResData,4,
- &(lvalues[3959]),0},
+ &(lvalues[3964]),0},
{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
- &(lvalues[3963]),0},
+ &(lvalues[3968]),0},
{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
- &(lvalues[3967]),0},
+ &(lvalues[3972]),0},
{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
- &(lvalues[3971]),0},
+ &(lvalues[3976]),0},
{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
- &(lvalues[3975]),0},
+ &(lvalues[3980]),0},
{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
- &(lvalues[3979]),0},
+ &(lvalues[3984]),0},
{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
- &(lvalues[3983]),0},
+ &(lvalues[3988]),0},
{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
- NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0},
+ NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0},
{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
- 4,&(lvalues[3991]),0},
+ 4,&(lvalues[3996]),0},
{"setct-AuthRevResData","setct-AuthRevResData",
- NID_setct_AuthRevResData,4,&(lvalues[3995]),0},
+ NID_setct_AuthRevResData,4,&(lvalues[4000]),0},
{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
- 4,&(lvalues[3999]),0},
+ 4,&(lvalues[4004]),0},
{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
- &(lvalues[4003]),0},
+ &(lvalues[4008]),0},
{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
- &(lvalues[4007]),0},
+ &(lvalues[4012]),0},
{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
- &(lvalues[4011]),0},
+ &(lvalues[4016]),0},
{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
- &(lvalues[4015]),0},
+ &(lvalues[4020]),0},
{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
- 4,&(lvalues[4019]),0},
+ 4,&(lvalues[4024]),0},
{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
- 4,&(lvalues[4023]),0},
+ 4,&(lvalues[4028]),0},
{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
- &(lvalues[4027]),0},
+ &(lvalues[4032]),0},
{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
- &(lvalues[4031]),0},
+ &(lvalues[4036]),0},
{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
- &(lvalues[4035]),0},
+ &(lvalues[4040]),0},
{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
- 4,&(lvalues[4039]),0},
+ 4,&(lvalues[4044]),0},
{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
- NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0},
+ NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0},
{"setct-CredRevResData","setct-CredRevResData",
- NID_setct_CredRevResData,4,&(lvalues[4047]),0},
+ NID_setct_CredRevResData,4,&(lvalues[4052]),0},
{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
- &(lvalues[4051]),0},
+ &(lvalues[4056]),0},
{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
- &(lvalues[4055]),0},
+ &(lvalues[4060]),0},
{"setct-BatchAdminReqData","setct-BatchAdminReqData",
- NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0},
+ NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0},
{"setct-BatchAdminResData","setct-BatchAdminResData",
- NID_setct_BatchAdminResData,4,&(lvalues[4063]),0},
+ NID_setct_BatchAdminResData,4,&(lvalues[4068]),0},
{"setct-CardCInitResTBS","setct-CardCInitResTBS",
- NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0},
+ NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0},
{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
- NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0},
+ NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0},
{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
- 4,&(lvalues[4075]),0},
+ 4,&(lvalues[4080]),0},
{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
- &(lvalues[4079]),0},
+ &(lvalues[4084]),0},
{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
- &(lvalues[4083]),0},
+ &(lvalues[4088]),0},
{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
- &(lvalues[4087]),0},
+ &(lvalues[4092]),0},
{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
- 4,&(lvalues[4091]),0},
+ 4,&(lvalues[4096]),0},
{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
- &(lvalues[4095]),0},
+ &(lvalues[4100]),0},
{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
- NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0},
+ NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0},
{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
- 4,&(lvalues[4103]),0},
+ 4,&(lvalues[4108]),0},
{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
- &(lvalues[4107]),0},
+ &(lvalues[4112]),0},
{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
- &(lvalues[4111]),0},
+ &(lvalues[4116]),0},
{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
- &(lvalues[4115]),0},
+ &(lvalues[4120]),0},
{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
- &(lvalues[4119]),0},
+ &(lvalues[4124]),0},
{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
- &(lvalues[4123]),0},
+ &(lvalues[4128]),0},
{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
- &(lvalues[4127]),0},
+ &(lvalues[4132]),0},
{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
- NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0},
+ NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0},
{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
- 4,&(lvalues[4135]),0},
+ 4,&(lvalues[4140]),0},
{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
- 4,&(lvalues[4139]),0},
+ 4,&(lvalues[4144]),0},
{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
- NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0},
+ NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0},
{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
- &(lvalues[4147]),0},
+ &(lvalues[4152]),0},
{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
- &(lvalues[4151]),0},
+ &(lvalues[4156]),0},
{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
- &(lvalues[4155]),0},
+ &(lvalues[4160]),0},
{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
- &(lvalues[4159]),0},
+ &(lvalues[4164]),0},
{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
- 4,&(lvalues[4163]),0},
+ 4,&(lvalues[4168]),0},
{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
- &(lvalues[4167]),0},
+ &(lvalues[4172]),0},
{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
- &(lvalues[4171]),0},
+ &(lvalues[4176]),0},
{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
- &(lvalues[4175]),0},
+ &(lvalues[4180]),0},
{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
- &(lvalues[4179]),0},
+ &(lvalues[4184]),0},
{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
- 4,&(lvalues[4183]),0},
+ 4,&(lvalues[4188]),0},
{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
- NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0},
+ NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0},
{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
- 4,&(lvalues[4191]),0},
+ 4,&(lvalues[4196]),0},
{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
- NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0},
+ NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0},
{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
- NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0},
+ NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0},
{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
- 4,&(lvalues[4203]),0},
+ 4,&(lvalues[4208]),0},
{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
- &(lvalues[4207]),0},
+ &(lvalues[4212]),0},
{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
- &(lvalues[4211]),0},
+ &(lvalues[4216]),0},
{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
- &(lvalues[4215]),0},
+ &(lvalues[4220]),0},
{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
- NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0},
+ NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0},
{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
- NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0},
+ NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0},
{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
- NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0},
+ NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0},
{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
- &(lvalues[4231]),0},
+ &(lvalues[4236]),0},
{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
- &(lvalues[4235]),0},
+ &(lvalues[4240]),0},
{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
- &(lvalues[4239]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0},
+ &(lvalues[4244]),0},
+{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0},
+{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0},
{"setext-cv","additional verification",NID_setext_cv,4,
- &(lvalues[4251]),0},
+ &(lvalues[4256]),0},
{"set-policy-root","set-policy-root",NID_set_policy_root,4,
- &(lvalues[4255]),0},
+ &(lvalues[4260]),0},
{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
- &(lvalues[4259]),0},
+ &(lvalues[4264]),0},
{"setCext-certType","setCext-certType",NID_setCext_certType,4,
- &(lvalues[4263]),0},
+ &(lvalues[4268]),0},
{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
- &(lvalues[4267]),0},
+ &(lvalues[4272]),0},
{"setCext-cCertRequired","setCext-cCertRequired",
- NID_setCext_cCertRequired,4,&(lvalues[4271]),0},
+ NID_setCext_cCertRequired,4,&(lvalues[4276]),0},
{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
- &(lvalues[4275]),0},
+ &(lvalues[4280]),0},
{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
- &(lvalues[4279]),0},
+ &(lvalues[4284]),0},
{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
- &(lvalues[4283]),0},
+ &(lvalues[4288]),0},
{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
- NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0},
+ NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0},
{"setCext-TokenIdentifier","setCext-TokenIdentifier",
- NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0},
+ NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0},
{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
- &(lvalues[4295]),0},
+ &(lvalues[4300]),0},
{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
- &(lvalues[4299]),0},
+ &(lvalues[4304]),0},
{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
- NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0},
+ NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0},
+{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0},
{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
- 4,&(lvalues[4311]),0},
+ 4,&(lvalues[4316]),0},
{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
- &(lvalues[4315]),0},
+ &(lvalues[4320]),0},
{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
- &(lvalues[4319]),0},
+ &(lvalues[4324]),0},
{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
- &(lvalues[4323]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0},
+ &(lvalues[4328]),0},
+{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0},
{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
- &(lvalues[4333]),0},
+ &(lvalues[4338]),0},
{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
- NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0},
+ NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0},
{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
- &(lvalues[4343]),0},
-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
&(lvalues[4348]),0},
-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
+{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
&(lvalues[4353]),0},
+{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
+ &(lvalues[4358]),0},
{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
- 6,&(lvalues[4358]),0},
+ 6,&(lvalues[4363]),0},
{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
- &(lvalues[4364]),0},
+ &(lvalues[4369]),0},
{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
- &(lvalues[4370]),0},
+ &(lvalues[4375]),0},
{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
- &(lvalues[4376]),0},
+ &(lvalues[4381]),0},
{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
- 6,&(lvalues[4382]),0},
+ 6,&(lvalues[4387]),0},
{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
- &(lvalues[4388]),0},
+ &(lvalues[4393]),0},
{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
- &(lvalues[4392]),0},
+ &(lvalues[4397]),0},
{"set-brand-AmericanExpress","set-brand-AmericanExpress",
- NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0},
+ NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0},
+{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0},
{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
- &(lvalues[4404]),0},
+ &(lvalues[4409]),0},
{"set-brand-MasterCard","set-brand-MasterCard",
- NID_set_brand_MasterCard,4,&(lvalues[4408]),0},
+ NID_set_brand_MasterCard,4,&(lvalues[4413]),0},
{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
- &(lvalues[4412]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0},
+ &(lvalues[4417]),0},
+{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0},
{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
- NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0},
-{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4434]),0},
+ NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0},
+{"ITU-T","itu-t",NID_itu_t,1,&(lvalues[4439]),0},
{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,1,
- &(lvalues[4435]),0},
+ &(lvalues[4440]),0},
{"international-organizations","International Organizations",
- NID_international_organizations,1,&(lvalues[4436]),0},
+ NID_international_organizations,1,&(lvalues[4441]),0},
{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
- 10,&(lvalues[4437]),0},
+ 10,&(lvalues[4442]),0},
{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
- &(lvalues[4447]),0},
+ &(lvalues[4452]),0},
{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4457]),0},
-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4460]),0},
-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4463]),0},
+{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0},
+{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0},
+{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0},
{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
- &(lvalues[4470]),0},
+ &(lvalues[4475]),0},
{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
- &(lvalues[4478]),0},
+ &(lvalues[4483]),0},
{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
- &(lvalues[4486]),0},
+ &(lvalues[4491]),0},
{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
- &(lvalues[4494]),0},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4497]),0},
+ &(lvalues[4499]),0},
+{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4502]),0},
{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
- &(lvalues[4505]),0},
+ &(lvalues[4510]),0},
{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
- &(lvalues[4514]),0},
+ &(lvalues[4519]),0},
{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
- &(lvalues[4523]),0},
+ &(lvalues[4528]),0},
{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
- &(lvalues[4532]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4541]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4550]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4559]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4568]),0},
+ &(lvalues[4537]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4546]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4555]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4564]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4573]),0},
{"identified-organization","identified-organization",
- NID_identified_organization,1,&(lvalues[4577]),0},
-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4578]),0},
-{"wap","wap",NID_wap,2,&(lvalues[4581]),0},
-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4583]),0},
+ NID_identified_organization,1,&(lvalues[4582]),0},
+{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4583]),0},
+{"wap","wap",NID_wap,2,&(lvalues[4586]),0},
+{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4588]),0},
{"id-characteristic-two-basis","id-characteristic-two-basis",
- NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4586]),0},
-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4594]),0},
-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4603]),0},
-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4612]),0},
-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4621]),0},
-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4629]),0},
-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4637]),0},
-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4645]),0},
-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4653]),0},
-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4661]),0},
-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4669]),0},
-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4677]),0},
-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4685]),0},
-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4693]),0},
-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4701]),0},
-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4709]),0},
-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4717]),0},
-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4725]),0},
-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4733]),0},
-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4741]),0},
-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4749]),0},
-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4757]),0},
-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4765]),0},
-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4773]),0},
-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4781]),0},
-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4786]),0},
-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4791]),0},
-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4796]),0},
-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4801]),0},
-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4806]),0},
-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4811]),0},
-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4816]),0},
-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4821]),0},
-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4826]),0},
-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4831]),0},
-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4836]),0},
-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4841]),0},
-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4846]),0},
-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4851]),0},
-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4856]),0},
-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4861]),0},
-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4866]),0},
-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4871]),0},
-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4876]),0},
-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4881]),0},
-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4886]),0},
-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4891]),0},
-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4896]),0},
-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4901]),0},
-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4906]),0},
-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4911]),0},
-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4916]),0},
-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4921]),0},
-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4926]),0},
-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4931]),0},
+ NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4591]),0},
+{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4599]),0},
+{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4608]),0},
+{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4617]),0},
+{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4626]),0},
+{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4634]),0},
+{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4642]),0},
+{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4650]),0},
+{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4658]),0},
+{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4666]),0},
+{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4674]),0},
+{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4682]),0},
+{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4690]),0},
+{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4698]),0},
+{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4706]),0},
+{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4714]),0},
+{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4722]),0},
+{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4730]),0},
+{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4738]),0},
+{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4746]),0},
+{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4754]),0},
+{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4762]),0},
+{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4770]),0},
+{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4778]),0},
+{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4786]),0},
+{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4791]),0},
+{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4796]),0},
+{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4801]),0},
+{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4806]),0},
+{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4811]),0},
+{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4816]),0},
+{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4821]),0},
+{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4826]),0},
+{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4831]),0},
+{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4836]),0},
+{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4841]),0},
+{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4846]),0},
+{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4851]),0},
+{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4856]),0},
+{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4861]),0},
+{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4866]),0},
+{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4871]),0},
+{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4876]),0},
+{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4881]),0},
+{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4886]),0},
+{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4891]),0},
+{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4896]),0},
+{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4901]),0},
+{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4906]),0},
+{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4911]),0},
+{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4916]),0},
+{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4921]),0},
+{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4926]),0},
+{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4931]),0},
+{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4936]),0},
{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
- NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4936]),0},
+ NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4941]),0},
{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
- NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4941]),0},
+ NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4946]),0},
{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
- NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4946]),0},
+ NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4951]),0},
{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
- NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4951]),0},
+ NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4956]),0},
{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
- NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4956]),0},
+ NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4961]),0},
{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
- NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4961]),0},
+ NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4966]),0},
{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
- NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4966]),0},
+ NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4971]),0},
{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
- NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4971]),0},
+ NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4976]),0},
{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
- NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4976]),0},
+ NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4981]),0},
{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
- NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4981]),0},
+ NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4986]),0},
{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
- NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4986]),0},
-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4991]),0},
+ NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4991]),0},
+{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4996]),0},
{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,
- &(lvalues[4995]),0},
+ &(lvalues[5000]),0},
{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
- NID_inhibit_any_policy,3,&(lvalues[4998]),0},
+ NID_inhibit_any_policy,3,&(lvalues[5003]),0},
{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,
- &(lvalues[5001]),0},
+ &(lvalues[5006]),0},
{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,
- &(lvalues[5012]),0},
+ &(lvalues[5017]),0},
{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,
- &(lvalues[5023]),0},
+ &(lvalues[5028]),0},
{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,
- &(lvalues[5034]),0},
+ &(lvalues[5039]),0},
{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,
- &(lvalues[5042]),0},
+ &(lvalues[5047]),0},
{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,
- &(lvalues[5050]),0},
+ &(lvalues[5055]),0},
{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,
- &(lvalues[5058]),0},
+ &(lvalues[5063]),0},
{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,
- &(lvalues[5066]),0},
+ &(lvalues[5071]),0},
{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,
- &(lvalues[5074]),0},
+ &(lvalues[5079]),0},
{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},
{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},
{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},
{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},
{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},
{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,
- &(lvalues[5082]),0},
+ &(lvalues[5087]),0},
{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
- &(lvalues[5090]),0},
+ &(lvalues[5095]),0},
{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
- &(lvalues[5098]),0},
+ &(lvalues[5103]),0},
{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
- NID_subject_directory_attributes,3,&(lvalues[5106]),0},
+ NID_subject_directory_attributes,3,&(lvalues[5111]),0},
{"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
- NID_issuing_distribution_point,3,&(lvalues[5109]),0},
+ NID_issuing_distribution_point,3,&(lvalues[5114]),0},
{"certificateIssuer","X509v3 Certificate Issuer",
- NID_certificate_issuer,3,&(lvalues[5112]),0},
+ NID_certificate_issuer,3,&(lvalues[5117]),0},
{NULL,NULL,NID_undef,0,NULL,0},
-{"KISA","kisa",NID_kisa,6,&(lvalues[5115]),0},
+{"KISA","kisa",NID_kisa,6,&(lvalues[5120]),0},
{NULL,NULL,NID_undef,0,NULL,0},
{NULL,NULL,NID_undef,0,NULL,0},
-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5121]),0},
-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5129]),0},
-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5137]),0},
-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5145]),0},
-{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5153]),0},
-{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5161]),0},
+{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5126]),0},
+{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5134]),0},
+{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5142]),0},
+{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5150]),0},
+{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5158]),0},
+{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5166]),0},
{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9,
- &(lvalues[5169]),0},
+ &(lvalues[5174]),0},
{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9,
- &(lvalues[5178]),0},
+ &(lvalues[5183]),0},
{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8,
- &(lvalues[5187]),0},
-{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5195]),0},
+ &(lvalues[5192]),0},
+{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5200]),0},
+{"id-smime-ct-compressedData","id-smime-ct-compressedData",
+ NID_id_smime_ct_compressedData,11,&(lvalues[5208]),0},
+{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
+ NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5219]),0},
+{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
+ &(lvalues[5230]),0},
+{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
+ &(lvalues[5239]),0},
+{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
+ &(lvalues[5248]),0},
};
static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[357]),/* "id-aca-group" */
&(nid_objs[358]),/* "id-aca-role" */
&(nid_objs[176]),/* "id-ad" */
+&(nid_objs[788]),/* "id-aes128-wrap" */
+&(nid_objs[789]),/* "id-aes192-wrap" */
+&(nid_objs[790]),/* "id-aes256-wrap" */
&(nid_objs[262]),/* "id-alg" */
&(nid_objs[323]),/* "id-alg-des40" */
&(nid_objs[326]),/* "id-alg-dh-pop" */
&(nid_objs[332]),/* "id-cmc-senderNonce" */
&(nid_objs[327]),/* "id-cmc-statusInfo" */
&(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
&(nid_objs[408]),/* "id-ecPublicKey" */
&(nid_objs[508]),/* "id-hex-multipart-message" */
&(nid_objs[507]),/* "id-hex-partial-message" */
&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
&(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[786]),/* "id-smime-ct-compressedData" */
&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
&(nid_objs[206]),/* "id-smime-ct-publishCert" */
&(nid_objs[204]),/* "id-smime-ct-receipt" */
&(nid_objs[357]),/* "id-aca-group" */
&(nid_objs[358]),/* "id-aca-role" */
&(nid_objs[176]),/* "id-ad" */
+&(nid_objs[788]),/* "id-aes128-wrap" */
+&(nid_objs[789]),/* "id-aes192-wrap" */
+&(nid_objs[790]),/* "id-aes256-wrap" */
&(nid_objs[262]),/* "id-alg" */
&(nid_objs[323]),/* "id-alg-des40" */
&(nid_objs[326]),/* "id-alg-dh-pop" */
&(nid_objs[332]),/* "id-cmc-senderNonce" */
&(nid_objs[327]),/* "id-cmc-statusInfo" */
&(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */
&(nid_objs[408]),/* "id-ecPublicKey" */
&(nid_objs[508]),/* "id-hex-multipart-message" */
&(nid_objs[507]),/* "id-hex-partial-message" */
&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
&(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[786]),/* "id-smime-ct-compressedData" */
&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
&(nid_objs[206]),/* "id-smime-ct-publishCert" */
&(nid_objs[204]),/* "id-smime-ct-receipt" */
&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */
&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */
&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */
-&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */
&(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */
&(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */
&(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */
&(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */
&(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */
&(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */
+&(nid_objs[788]),/* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */
&(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */
&(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */
&(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */
&(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */
+&(nid_objs[789]),/* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */
&(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */
&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */
&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */
&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */
+&(nid_objs[790]),/* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */
&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */
&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */
&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */
&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */
&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */
&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */
+&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */
&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */
&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */
&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */
&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */
&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */
&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */
+&(nid_objs[125]),/* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */
&(nid_objs[248]),/* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */
&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */
&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
#define NID_id_smime_ct_DVCSResponseData 211
#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L
+#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData"
+#define NID_id_smime_ct_compressedData 786
+#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
+
+#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF 787
+#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
+
#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
#define NID_id_smime_aa_receiptRequest 212
#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
#define SN_zlib_compression "ZLIB"
#define LN_zlib_compression "zlib compression"
#define NID_zlib_compression 125
-#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L
+#define OBJ_zlib_compression OBJ_id_smime_alg,8L
#define OBJ_csor 2L,16L,840L,1L,101L,3L
#define LN_des_ede3_cfb8 "des-ede3-cfb8"
#define NID_des_ede3_cfb8 659
+#define SN_id_aes128_wrap "id-aes128-wrap"
+#define NID_id_aes128_wrap 788
+#define OBJ_id_aes128_wrap OBJ_aes,5L
+
+#define SN_id_aes192_wrap "id-aes192-wrap"
+#define NID_id_aes192_wrap 789
+#define OBJ_id_aes192_wrap OBJ_aes,25L
+
+#define SN_id_aes256_wrap "id-aes256-wrap"
+#define NID_id_aes256_wrap 790
+#define OBJ_id_aes256_wrap OBJ_aes,45L
+
#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
#define SN_sha256 "SHA256"
id_DHBasedMac 783
id_it_suppLangTags 784
caRepository 785
+id_smime_ct_compressedData 786
+id_ct_asciiTextWithCRLF 787
+id_aes128_wrap 788
+id_aes192_wrap 789
+id_aes256_wrap 790
id-smime-ct 6 : id-smime-ct-contentInfo
id-smime-ct 7 : id-smime-ct-DVCSRequestData
id-smime-ct 8 : id-smime-ct-DVCSResponseData
+id-smime-ct 9 : id-smime-ct-compressedData
+id-smime-ct 27 : id-ct-asciiTextWithCRLF
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
!Cname rle-compression
1 1 1 1 666 1 : RLE : run length compression
!Cname zlib-compression
-1 1 1 1 666 2 : ZLIB : zlib compression
+id-smime-alg 8 : ZLIB : zlib compression
# AES aka Rijndael
: DES-EDE3-CFB1 : des-ede3-cfb1
: DES-EDE3-CFB8 : des-ede3-cfb8
+aes 5 : id-aes128-wrap
+aes 25 : id-aes192-wrap
+aes 45 : id-aes256-wrap
+
# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
!Alias nist_hashalgs nistAlgorithms 2
nist_hashalgs 1 : SHA256 : sha256
typedef struct X509_name_st X509_NAME;
typedef struct x509_store_st X509_STORE;
typedef struct x509_store_ctx_st X509_STORE_CTX;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
typedef struct v3_ext_ctx X509V3_CTX;
typedef struct conf_st CONF;
#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+#define PEM_STRING_CMS "CMS"
/* Note that this structure is initialised by PEM_SealInit and cleaned up
by PEM_SealFinal (at least for now) */
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
# require 'x86asm.pl';
-# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-# &function_begin("foo");
-# ...
-# &function_end("foo");
-# &asm_finish
-
-# AUTOLOAD is this context has quite unpleasant side effect, namely
-# that typos in function calls effectively go to assembler output,
-# but on the pros side we don't have to implement one subroutine per
-# each opcode...
-sub ::AUTOLOAD
-{ my $opcode = $AUTOLOAD;
-
- die "more than 2 arguments passed to $opcode" if ($#_>1);
-
- $opcode =~ s/.*:://;
- if ($opcode =~ /^push/) { $stack+=4; }
- elsif ($opcode =~ /^pop/) { $stack-=4; }
-
- &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
-}
-
-$out=();
-$i386=0;
-
-sub ::emit
-{ my $opcode=shift;
-
- if ($#_==-1) { push(@out,"\t$opcode\n"); }
- else { push(@out,"\t$opcode\t".join(',',@_)."\n"); }
-}
-
-sub ::LB
-{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
- $1."l";
-}
-sub ::HB
-{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
- $1."h";
-}
-sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num); }
-sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num); }
-sub ::blindpop { &pop($_[0]); $stack+=4; }
-sub ::wparam { &DWP($stack+4*$_[0],"esp"); }
-sub ::swtmp { &DWP(4*$_[0],"esp"); }
-
-sub ::bswap
-{ if ($i386) # emulate bswap for i386
- { &comment("bswap @_");
- &xchg(&HB(@_),&LB(@_));
- &ror (@_,16);
- &xchg(&HB(@_),&LB(@_));
- }
- else
- { &generic("bswap",@_); }
-}
-# These are made-up opcodes introduced over the years essentially
-# by ignorance, just alias them to real ones...
-sub ::movb { &mov(@_); }
-sub ::xorb { &xor(@_); }
-sub ::rotl { &rol(@_); }
-sub ::rotr { &ror(@_); }
-sub ::exch { &xchg(@_); }
-sub ::halt { &hlt; }
-
-sub ::function_begin
-{ &function_begin_B(@_);
- $stack=4;
- &push("ebp");
- &push("ebx");
- &push("esi");
- &push("edi");
-}
-
-sub ::function_end
-{ &pop("edi");
- &pop("esi");
- &pop("ebx");
- &pop("ebp");
- &ret();
- $stack=0;
- &function_end_B(@_);
-}
-
-sub ::function_end_A
-{ &pop("edi");
- &pop("esi");
- &pop("ebx");
- &pop("ebp");
- &ret();
- $stack+=16; # readjust esp as if we didn't pop anything
-}
-
-sub ::asciz { foreach (@_) { &data_byte(unpack("C*",$_),0); } }
-
-sub ::asm_finish
-{ &file_end();
- print @out;
-}
-
-sub ::asm_init
-{ my ($type,$fn,$cpu)=@_;
-
- $filename=$fn;
- $i386=$cpu;
-
- $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
- if (($type eq "elf"))
- { $elf=1; require "x86unix.pl"; }
- elsif (($type eq "a\.out"))
- { $aout=1; require "x86unix.pl"; }
- elsif (($type eq "coff" or $type eq "gaswin"))
- { $coff=1; require "x86unix.pl"; }
- elsif (($type eq "win32n"))
- { $win32=1; require "x86nasm.pl"; }
- elsif (($type eq "nw-nasm"))
- { $netware=1; require "x86nasm.pl"; }
- elsif (($type eq "nw-mwasm"))
- { $netware=1; $mwerks=1; require "x86nasm.pl"; }
- else
- { print STDERR <<"EOF";
+# &asm_init("cpp","des-586.pl");
+# XXX
+# XXX
+# main'asm_finish
+
+sub main'asm_finish
+ {
+ &file_end();
+ &asm_finish_cpp() if $cpp;
+ print &asm_get_output();
+ }
+
+sub main'asm_init
+ {
+ ($type,$fn,$i386)=@_;
+ $filename=$fn;
+
+ $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
+ if ( ($type eq "elf"))
+ { $elf=1; require "x86unix.pl"; }
+ elsif ( ($type eq "a.out"))
+ { $aout=1; require "x86unix.pl"; }
+ elsif ( ($type eq "coff" or $type eq "gaswin"))
+ { $coff=1; require "x86unix.pl"; }
+ elsif ( ($type eq "cpp"))
+ { $cpp=1; require "x86unix.pl"; }
+ elsif ( ($type eq "win32"))
+ { $win32=1; require "x86ms.pl"; }
+ elsif ( ($type eq "win32n"))
+ { $win32=1; require "x86nasm.pl"; }
+ elsif ( ($type eq "nw-nasm"))
+ { $netware=1; require "x86nasm.pl"; }
+ elsif ( ($type eq "nw-mwasm"))
+ { $netware=1; $mwerks=1; require "x86nasm.pl"; }
+ else
+ {
+ print STDERR <<"EOF";
Pick one target type from
elf - Linux, FreeBSD, Solaris x86, etc.
- a.out - DJGPP, elder OpenBSD, etc.
+ a.out - OpenBSD, DJGPP, etc.
coff - GAS/COFF such as Win32 targets
+ win32 - Windows 95/Windows NT
win32n - Windows 95/Windows NT NASM format
nw-nasm - NetWare NASM format
nw-mwasm- NetWare Metrowerks Assembler
EOF
- exit(1);
- }
-
- $pic=0;
- for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
-
- $filename =~ s/\.pl$//;
- &file($filename);
-}
+ exit(1);
+ }
+
+ $pic=0;
+ for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
+
+ &asm_init_output();
+
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $filename");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of ELF, a.out, COFF, Win32, ...");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+
+ $filename =~ s/\.pl$//;
+ &file($filename);
+ }
+
+sub asm_finish_cpp
+ {
+ return unless $cpp;
+
+ local($tmp,$i);
+ foreach $i (&get_labels())
+ {
+ $tmp.="#define $i _$i\n";
+ }
+ print <<"EOF";
+/* Run the C pre-processor over this file with one of the following defined
+ * ELF - elf object files,
+ * OUT - a.out object files,
+ * BSDI - BSDI style a.out object files
+ * SOL - Solaris style elf
+ */
+
+#define TYPE(a,b) .type a,b
+#define SIZE(a,b) .size a,b
+
+#if defined(OUT) || (defined(BSDI) && !defined(ELF))
+$tmp
+#endif
+
+#ifdef OUT
+#define OK 1
+#define ALIGN 4
+#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b) .def a; .scl 2; .type 32; .endef
+#endif /* __CYGWIN || __DJGPP */
+#endif
+
+#if defined(BSDI) && !defined(ELF)
+#define OK 1
+#define ALIGN 4
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif
+
+#if defined(ELF) || defined(SOL)
+#define OK 1
+#define ALIGN 16
+#endif
+
+#ifndef OK
+You need to define one of
+ELF - elf systems - linux-elf, NetBSD and DG-UX
+OUT - a.out systems - linux-a.out and FreeBSD
+SOL - solaris systems, which are elf with strange comment lines
+BSDI - a.out with a very primative version of as.
+#endif
+
+/* Let the Assembler begin :-) */
+EOF
+ }
1;
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
package x86nasm;
-*out=\@::out;
-
-$lprfx="\@L";
-$label="000";
-$under=($::netware)?'':'_';
-$initseg="";
-
-sub ::generic
-{ my $opcode=shift;
- my $tmp;
-
- if (!$::mwerks)
- { if ($opcode =~ m/^j/o && $#_==0) # optimize jumps
- { $_[0] = "NEAR $_[0]"; }
- elsif ($opcode eq "lea" && $#_==1)# wipe storage qualifier from lea
- { $_[1] =~ s/^[^\[]*\[/\[/o; }
- }
- &::emit($opcode,@_);
- 1;
+$label="L000";
+$under=($main'netware)?'':'_';
+
+%lb=( 'eax', 'al',
+ 'ebx', 'bl',
+ 'ecx', 'cl',
+ 'edx', 'dl',
+ 'ax', 'al',
+ 'bx', 'bl',
+ 'cx', 'cl',
+ 'dx', 'dl',
+ );
+
+%hb=( 'eax', 'ah',
+ 'ebx', 'bh',
+ 'ecx', 'ch',
+ 'edx', 'dh',
+ 'ax', 'ah',
+ 'bx', 'bh',
+ 'cx', 'ch',
+ 'dx', 'dh',
+ );
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+
+sub main'external_label
+{
+ push(@labels,@_);
+ foreach (@_) {
+ push(@out,".") if ($main'mwerks);
+ push(@out, "extern\t${under}$_\n");
+ }
}
-#
-# opcodes not covered by ::generic above, mostly inconsistent namings...
-#
-sub ::movz { &::movzx(@_); }
-sub ::pushf { &::pushfd; }
-sub ::popf { &::popfd; }
-
-sub ::call { &::emit("call",(&islabel($_[0]) or "$under$_[0]")); }
-sub ::call_ptr { &::emit("call",@_); }
-sub ::jmp_ptr { &::emit("jmp",@_); }
-
-# chosen SSE instructions
-sub ::movq
-{ my($p1,$p2,$optimize)=@_;
-
- if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
- # movq between mmx registers can sink Intel CPUs
- { &::pshufw($p1,$p2,0xe4); }
- else
- { &::emit("movq",@_); }
-}
-sub ::pshufw { &::emit("pshufw",@_); }
+
+sub main'LB
+ {
+ (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+ return($lb{$_[0]});
+ }
+
+sub main'HB
+ {
+ (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+ return($hb{$_[0]});
+ }
+
+sub main'BP
+ {
+ &get_mem("BYTE",@_);
+ }
+
+sub main'DWP
+ {
+ &get_mem("DWORD",@_);
+ }
+
+sub main'QWP
+ {
+ &get_mem("",@_);
+ }
+
+sub main'BC
+ {
+ return (($main'mwerks)?"":"BYTE ")."@_";
+ }
+
+sub main'DWC
+ {
+ return (($main'mwerks)?"":"DWORD ")."@_";
+ }
+
+sub main'stack_push
+ {
+ my($num)=@_;
+ $stack+=$num*4;
+ &main'sub("esp",$num*4);
+ }
+
+sub main'stack_pop
+ {
+ my($num)=@_;
+ $stack-=$num*4;
+ &main'add("esp",$num*4);
+ }
sub get_mem
-{ my($size,$addr,$reg1,$reg2,$idx)=@_;
- my($post,$ret);
-
- if ($size ne "")
- { $ret .= "$size";
- $ret .= " PTR" if ($::mwerks);
- $ret .= " ";
- }
- $ret .= "[";
-
- $addr =~ s/^\s+//;
- # prepend global references with optional underscore
- $addr =~ s/^([^\+\-0-9][^\+\-]*)/islabel($1) or "$under$1"/ige;
- # put address arithmetic expression in parenthesis
- $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
-
- if (($addr ne "") && ($addr ne 0))
- { if ($addr !~ /^-/) { $ret .= "$addr+"; }
- else { $post=$addr; }
- }
-
- if ($reg2 ne "")
- { $idx!=0 or $idx=1;
- $ret .= "$reg2*$idx";
- $ret .= "+$reg1" if ($reg1 ne "");
- }
- else
- { $ret .= "$reg1"; }
-
- $ret .= "$post]";
- $ret =~ s/\+\]/]/; # in case $addr was the only argument
-
- $ret;
-}
-sub ::BP { &get_mem("BYTE",@_); }
-sub ::DWP { &get_mem("DWORD",@_); }
-sub ::QWP { &get_mem("",@_); }
-sub ::BC { (($::mwerks)?"":"BYTE ")."@_"; }
-sub ::DWC { (($::mwerks)?"":"DWORD ")."@_"; }
-
-sub ::file
-{ if ($::mwerks) { push(@out,".section\t.text\n"); }
- else
- { my $tmp=<<___;
+ {
+ my($size,$addr,$reg1,$reg2,$idx)=@_;
+ my($t,$post);
+ my($ret)=$size;
+ if ($ret ne "")
+ {
+ $ret .= " PTR" if ($main'mwerks);
+ $ret .= " ";
+ }
+ $ret .= "[";
+ $addr =~ s/^\s+//;
+ if ($addr =~ /^(.+)\+(.+)$/)
+ {
+ $reg2=&conv($1);
+ $addr="$under$2";
+ }
+ elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i)
+ {
+ $addr="$under$addr";
+ }
+
+ if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+
+ $reg1="$regs{$reg1}" if defined($regs{$reg1});
+ $reg2="$regs{$reg2}" if defined($regs{$reg2});
+ if (($addr ne "") && ($addr ne 0))
+ {
+ if ($addr !~ /^-/)
+ { $ret.="${addr}+"; }
+ else { $post=$addr; }
+ }
+ if ($reg2 ne "")
+ {
+ $t="";
+ $t="*$idx" if ($idx != 0);
+ $reg1="+".$reg1 if ("$reg1$post" ne "");
+ $ret.="$reg2$t$reg1$post]";
+ }
+ else
+ {
+ $ret.="$reg1$post]"
+ }
+ $ret =~ s/\+\]/]/; # in case $addr was the only argument
+ return($ret);
+ }
+
+sub main'mov { &out2("mov",@_); }
+sub main'movb { &out2("mov",@_); }
+sub main'and { &out2("and",@_); }
+sub main'or { &out2("or",@_); }
+sub main'shl { &out2("shl",@_); }
+sub main'shr { &out2("shr",@_); }
+sub main'xor { &out2("xor",@_); }
+sub main'xorb { &out2("xor",@_); }
+sub main'add { &out2("add",@_); }
+sub main'adc { &out2("adc",@_); }
+sub main'sub { &out2("sub",@_); }
+sub main'sbb { &out2("sbb",@_); }
+sub main'rotl { &out2("rol",@_); }
+sub main'rotr { &out2("ror",@_); }
+sub main'exch { &out2("xchg",@_); }
+sub main'cmp { &out2("cmp",@_); }
+sub main'lea { &out2("lea",@_); }
+sub main'mul { &out1("mul",@_); }
+sub main'imul { &out2("imul",@_); }
+sub main'div { &out1("div",@_); }
+sub main'dec { &out1("dec",@_); }
+sub main'inc { &out1("inc",@_); }
+sub main'jmp { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+
+# This is a bit of a kludge: declare all branches as NEAR.
+$near=($main'mwerks)?'':'NEAR';
+sub main'je { &out1("je $near",@_); }
+sub main'jle { &out1("jle $near",@_); }
+sub main'jz { &out1("jz $near",@_); }
+sub main'jge { &out1("jge $near",@_); }
+sub main'jl { &out1("jl $near",@_); }
+sub main'ja { &out1("ja $near",@_); }
+sub main'jae { &out1("jae $near",@_); }
+sub main'jb { &out1("jb $near",@_); }
+sub main'jbe { &out1("jbe $near",@_); }
+sub main'jc { &out1("jc $near",@_); }
+sub main'jnc { &out1("jnc $near",@_); }
+sub main'jnz { &out1("jnz $near",@_); }
+sub main'jne { &out1("jne $near",@_); }
+sub main'jno { &out1("jno $near",@_); }
+
+sub main'push { &out1("push",@_); $stack+=4; }
+sub main'pop { &out1("pop",@_); $stack-=4; }
+sub main'pushf { &out0("pushfd"); $stack+=4; }
+sub main'popf { &out0("popfd"); $stack-=4; }
+sub main'bswap { &out1("bswap",@_); &using486(); }
+sub main'not { &out1("not",@_); }
+sub main'call { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); }
+sub main'call_ptr { &out1p("call",@_); }
+sub main'ret { &out0("ret"); }
+sub main'nop { &out0("nop"); }
+sub main'test { &out2("test",@_); }
+sub main'bt { &out2("bt",@_); }
+sub main'leave { &out0("leave"); }
+sub main'cpuid { &out0("cpuid"); }
+sub main'rdtsc { &out0("rdtsc"); }
+sub main'halt { &out0("hlt"); }
+sub main'movz { &out2("movzx",@_); }
+sub main'neg { &out1("neg",@_); }
+sub main'cld { &out0("cld"); }
+
+# SSE2
+sub main'emms { &out0("emms"); }
+sub main'movd { &out2("movd",@_); }
+sub main'movq { &out2("movq",@_); }
+sub main'movdqu { &out2("movdqu",@_); }
+sub main'movdqa { &out2("movdqa",@_); }
+sub main'movdq2q{ &out2("movdq2q",@_); }
+sub main'movq2dq{ &out2("movq2dq",@_); }
+sub main'paddq { &out2("paddq",@_); }
+sub main'pmuludq{ &out2("pmuludq",@_); }
+sub main'psrlq { &out2("psrlq",@_); }
+sub main'psllq { &out2("psllq",@_); }
+sub main'pxor { &out2("pxor",@_); }
+sub main'por { &out2("por",@_); }
+sub main'pand { &out2("pand",@_); }
+
+sub out2
+ {
+ my($name,$p1,$p2)=@_;
+ my($l,$t);
+
+ push(@out,"\t$name\t");
+ if (!$main'mwerks and $name eq "lea")
+ {
+ $p1 =~ s/^[^\[]*\[/\[/;
+ $p2 =~ s/^[^\[]*\[/\[/;
+ }
+ $t=&conv($p1).",";
+ $l=length($t);
+ push(@out,$t);
+ $l=4-($l+9)/8;
+ push(@out,"\t" x $l);
+ push(@out,&conv($p2));
+ push(@out,"\n");
+ }
+
+sub out0
+ {
+ my($name)=@_;
+
+ push(@out,"\t$name\n");
+ }
+
+sub out1
+ {
+ my($name,$p1)=@_;
+ my($l,$t);
+ push(@out,"\t$name\t".&conv($p1)."\n");
+ }
+
+sub conv
+ {
+ my($p)=@_;
+ $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+ return $p;
+ }
+
+sub using486
+ {
+ return if $using486;
+ $using486++;
+ grep(s/\.386/\.486/,@out);
+ }
+
+sub main'file
+ {
+ if ($main'mwerks) { push(@out,".section\t.text\n"); }
+ else {
+ local $tmp=<<___;
%ifdef __omf__
-section code use32 class=code align=64
+section code use32 class=code
%else
-section .text code align=64
+section .text
%endif
___
+ push(@out,$tmp);
+ }
+ }
+
+sub main'function_begin
+ {
+ my($func,$extra)=@_;
+
+ push(@labels,$func);
+ push(@out,".") if ($main'mwerks);
+ my($tmp)=<<"EOF";
+global $under$func
+$under$func:
+ push ebp
+ push ebx
+ push esi
+ push edi
+EOF
push(@out,$tmp);
- }
-}
+ $stack=20;
+ }
+
+sub main'function_begin_B
+ {
+ my($func,$extra)=@_;
+ push(@out,".") if ($main'mwerks);
+ my($tmp)=<<"EOF";
+global $under$func
+$under$func:
+EOF
+ push(@out,$tmp);
+ $stack=4;
+ }
-sub ::function_begin_B
-{ my $func=$under.shift;
- my $tmp=<<___;
-global $func
-align 16
-$func:
-___
- push(@out,$tmp);
- $::stack=4;
-}
-sub ::function_end_B
-{ my $i;
- foreach $i (%label) { undef $label{$i} if ($label{$i} =~ /^$prfx/); }
- $::stack=0;
-}
+sub main'function_end
+ {
+ my($func)=@_;
-sub ::file_end
-{ # try to detect if SSE2 or MMX extensions were used on Win32...
- if ($::win32 && grep {/\b[x]?mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out)
- { # $1<<10 sets a reserved bit to signal that variable
- # was initialized already...
- my $code=<<___;
-align 16
-${lprfx}OPENSSL_ia32cap_init:
- lea edx,[${under}OPENSSL_ia32cap_P]
- cmp DWORD [edx],0
- jne NEAR ${lprfx}nocpuid
- mov DWORD [edx],1<<10
- pushfd
- pop eax
- mov ecx,eax
- xor eax,1<<21
- push eax
- popfd
- pushfd
- pop eax
- xor eax,ecx
- bt eax,21
- jnc NEAR ${lprfx}nocpuid
- push ebp
- push edi
- push ebx
- mov edi,edx
- xor eax,eax
- cpuid
- xor eax,eax
- cmp ebx,'Genu'
- setne al
- mov ebp,eax
- cmp edx,'ineI'
- setne al
- or ebp,eax
- cmp eax,'ntel'
- setne al
- or ebp,eax
- mov eax,1
- cpuid
- cmp ebp,0
- jne ${lprfx}notP4
- and ah,15
- cmp ah,15
- jne ${lprfx}notP4
- or edx,1<<20
-${lprfx}notP4:
- bt edx,28
- jnc ${lprfx}done
- shr ebx,16
- cmp bl,1
- ja ${lprfx}done
- and edx,0xefffffff
-${lprfx}done:
- or edx,1<<10
- mov DWORD [edi],edx
- pop ebx
+ my($tmp)=<<"EOF";
pop edi
+ pop esi
+ pop ebx
pop ebp
-${lprfx}nocpuid:
ret
-segment .CRT\$XCU data align=4
-dd ${lprfx}OPENSSL_ia32cap_init
-___
- my $data=<<___;
-segment .bss
-common ${under}OPENSSL_ia32cap_P 4
-___
-
- #<not needed in OpenSSL context>#push (@out,$code);
-
- # comment out OPENSSL_ia32cap_P declarations
- grep {s/(^extern\s+${under}OPENSSL_ia32cap_P)/\;$1/} @out;
- push (@out,$data)
- }
- push (@out,$initseg) if ($initseg);
-}
-
-sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } }
-
-sub islabel # see is argument is known label
-{ my $i;
- foreach $i (%label) { return $label{$i} if ($label{$i} eq $_[0]); }
- undef;
-}
-
-sub ::external_label
-{ push(@labels,@_);
- foreach (@_)
- { push(@out,".") if ($::mwerks);
- push(@out, "extern\t${under}$_\n");
- }
-}
+EOF
+ push(@out,$tmp);
+ $stack=0;
+ %label=();
+ }
-sub ::public_label
-{ $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
- push(@out,"global\t$label{$_[0]}\n");
-}
+sub main'function_end_B
+ {
+ $stack=0;
+ %label=();
+ }
-sub ::label
-{ if (!defined($label{$_[0]}))
- { $label{$_[0]}="${lprfx}${label}${_[0]}"; $label++; }
- $label{$_[0]};
-}
+sub main'function_end_A
+ {
+ my($func)=@_;
-sub ::set_label
-{ my $label=&::label($_[0]);
- &::align($_[1]) if ($_[1]>1);
- push(@out,"$label{$_[0]}:\n");
-}
+ my($tmp)=<<"EOF";
+ pop edi
+ pop esi
+ pop ebx
+ pop ebp
+ ret
+EOF
+ push(@out,$tmp);
+ }
-sub ::data_byte
-{ push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n"); }
+sub main'file_end
+ {
+ }
-sub ::data_word
-{ push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n"); }
+sub main'wparam
+ {
+ my($num)=@_;
-sub ::align
-{ push(@out,".") if ($::mwerks); push(@out,"align\t$_[0]\n"); }
+ return(&main'DWP($stack+$num*4,"esp","",0));
+ }
-sub ::picmeup
-{ my($dst,$sym)=@_;
- &::lea($dst,&::DWP($sym));
-}
+sub main'swtmp
+ {
+ return(&main'DWP($_[0]*4,"esp","",0));
+ }
-sub ::initseg
-{ my($f)=$under.shift;
- if ($::win32)
- { $initseg=<<___;
-segment .CRT\$XCU data align=4
-extern $f
-dd $f
+# Should use swtmp, which is above esp. Linix can trash the stack above esp
+#sub main'wtmp
+# {
+# my($num)=@_;
+#
+# return(&main'DWP(-(($num+1)*4),"esp","",0));
+# }
+
+sub main'comment
+ {
+ foreach (@_)
+ {
+ push(@out,"\t; $_\n");
+ }
+ }
+
+sub main'public_label
+ {
+ $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+ push(@out,".") if ($main'mwerks);
+ push(@out,"global\t$label{$_[0]}\n");
+ }
+
+sub main'label
+ {
+ if (!defined($label{$_[0]}))
+ {
+ $label{$_[0]}="\@${label}${_[0]}";
+ $label++;
+ }
+ return($label{$_[0]});
+ }
+
+sub main'set_label
+ {
+ if (!defined($label{$_[0]}))
+ {
+ $label{$_[0]}="\@${label}${_[0]}";
+ $label++;
+ }
+ if ($_[1]!=0 && $_[1]>1)
+ {
+ main'align($_[1]);
+ }
+ push(@out,"$label{$_[0]}:\n");
+ }
+
+sub main'data_byte
+ {
+ push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n");
+ }
+
+sub main'data_word
+ {
+ push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n");
+ }
+
+sub main'align
+ {
+ push(@out,".") if ($main'mwerks);
+ push(@out,"align\t$_[0]\n");
+ }
+
+sub out1p
+ {
+ my($name,$p1)=@_;
+ my($l,$t);
+
+ push(@out,"\t$name\t".&conv($p1)."\n");
+ }
+
+sub main'picmeup
+ {
+ local($dst,$sym)=@_;
+ &main'lea($dst,&main'DWP($sym));
+ }
+
+sub main'blindpop { &out1("pop",@_); }
+
+sub main'initseg
+ {
+ local($f)=@_;
+ if ($main'win32)
+ {
+ local($tmp)=<<___;
+segment .CRT\$XCU data
+extern $under$f
+DD $under$f
___
- }
-}
+ push(@out,$tmp);
+ }
+ }
1;
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
package x86unix; # GAS actually...
-*out=\@::out;
-
$label="L000";
+$const="";
+$constl=0;
+
+$align=($main'aout)?"4":"16";
+$under=($main'aout or $main'coff)?"_":"";
+$dot=($main'aout)?"":".";
+$com_start="#" if ($main'aout or $main'coff);
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+
+if ($main'cpp)
+ {
+ $align="ALIGN";
+ $under="";
+ $com_start='/*';
+ $com_end='*/';
+ }
+
+%lb=( 'eax', '%al',
+ 'ebx', '%bl',
+ 'ecx', '%cl',
+ 'edx', '%dl',
+ 'ax', '%al',
+ 'bx', '%bl',
+ 'cx', '%cl',
+ 'dx', '%dl',
+ );
+
+%hb=( 'eax', '%ah',
+ 'ebx', '%bh',
+ 'ecx', '%ch',
+ 'edx', '%dh',
+ 'ax', '%ah',
+ 'bx', '%bh',
+ 'cx', '%ch',
+ 'dx', '%dh',
+ );
+
+%regs=( 'eax', '%eax',
+ 'ebx', '%ebx',
+ 'ecx', '%ecx',
+ 'edx', '%edx',
+ 'esi', '%esi',
+ 'edi', '%edi',
+ 'ebp', '%ebp',
+ 'esp', '%esp',
+
+ 'mm0', '%mm0',
+ 'mm1', '%mm1',
+ 'mm2', '%mm2',
+ 'mm3', '%mm3',
+ 'mm4', '%mm4',
+ 'mm5', '%mm5',
+ 'mm6', '%mm6',
+ 'mm7', '%mm7',
+
+ 'xmm0', '%xmm0',
+ 'xmm1', '%xmm1',
+ 'xmm2', '%xmm2',
+ 'xmm3', '%xmm3',
+ 'xmm4', '%xmm4',
+ 'xmm5', '%xmm5',
+ 'xmm6', '%xmm6',
+ 'xmm7', '%xmm7',
+ );
+
+%reg_val=(
+ 'eax', 0x00,
+ 'ebx', 0x03,
+ 'ecx', 0x01,
+ 'edx', 0x02,
+ 'esi', 0x06,
+ 'edi', 0x07,
+ 'ebp', 0x05,
+ 'esp', 0x04,
+ );
+
+sub main'LB
+ {
+ (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+ return($lb{$_[0]});
+ }
+
+sub main'HB
+ {
+ (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+ return($hb{$_[0]});
+ }
+
+sub main'DWP
+ {
+ local($addr,$reg1,$reg2,$idx)=@_;
+
+ $ret="";
+ $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
+ $reg1="$regs{$reg1}" if defined($regs{$reg1});
+ $reg2="$regs{$reg2}" if defined($regs{$reg2});
+ $ret.=$addr if ($addr ne "") && ($addr ne 0);
+ if ($reg2 ne "")
+ {
+ if($idx ne "" && $idx != 0)
+ { $ret.="($reg1,$reg2,$idx)"; }
+ else
+ { $ret.="($reg1,$reg2)"; }
+ }
+ elsif ($reg1 ne "")
+ { $ret.="($reg1)" }
+ return($ret);
+ }
+
+sub main'QWP
+ {
+ return(&main'DWP(@_));
+ }
+
+sub main'BP
+ {
+ return(&main'DWP(@_));
+ }
+
+sub main'BC
+ {
+ return @_;
+ }
+
+sub main'DWC
+ {
+ return @_;
+ }
-$align=($::aout)?"4":"16";
-$under=($::aout or $::coff)?"_":"";
-$dot=($::aout)?"":".";
-$com_start="#" if ($::aout or $::coff);
-
-sub opsize()
-{ my $reg=shift;
- if ($reg =~ m/^%e/o) { "l"; }
- elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; }
- elsif ($reg =~ m/^%[xm]/o) { undef; }
- else { "w"; }
-}
-
-# swap arguments;
-# expand opcode with size suffix;
-# prefix numeric constants with $;
-sub ::generic
-{ my($opcode,$dst,$src)=@_;
- my($tmp,$suffix,@arg);
-
- if (defined($src))
- { $src =~ s/^(e?[a-dsixphl]{2})$/%$1/o;
- $src =~ s/^(x?mm[0-7])$/%$1/o;
- $src =~ s/^(\-?[0-9]+)$/\$$1/o;
- $src =~ s/^(\-?0x[0-9a-f]+)$/\$$1/o;
- push(@arg,$src);
- }
- if (defined($dst))
- { $dst =~ s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;
- $dst =~ s/^(x?mm[0-7])$/%$1/o;
- $dst =~ s/^(\-?[0-9]+)$/\$$1/o if(!defined($src));
- $dst =~ s/^(\-?0x[0-9a-f]+)$/\$$1/o if(!defined($src));
- push(@arg,$dst);
- }
-
- if ($dst =~ m/^%/o) { $suffix=&opsize($dst); }
- elsif ($src =~ m/^%/o) { $suffix=&opsize($src); }
- else { $suffix="l"; }
- undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
-
- if ($#_==0) { &::emit($opcode); }
- elsif ($opcode =~ m/^j/o && $#_==1) { &::emit($opcode,@arg); }
- elsif ($opcode eq "call" && $#_==1) { &::emit($opcode,@arg); }
- elsif ($opcode =~ m/^set/&& $#_==1) { &::emit($opcode,@arg); }
- else { &::emit($opcode.$suffix,@arg);}
-
- 1;
-}
+#sub main'BP
+# {
+# local($addr,$reg1,$reg2,$idx)=@_;
+#
+# $ret="";
#
-# opcodes not covered by ::generic above, mostly inconsistent namings...
+# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+# $reg1="$regs{$reg1}" if defined($regs{$reg1});
+# $reg2="$regs{$reg2}" if defined($regs{$reg2});
+# $ret.=$addr if ($addr ne "") && ($addr ne 0);
+# if ($reg2 ne "")
+# { $ret.="($reg1,$reg2,$idx)"; }
+# else
+# { $ret.="($reg1)" }
+# return($ret);
+# }
+
+sub main'mov { &out2("movl",@_); }
+sub main'movb { &out2("movb",@_); }
+sub main'and { &out2("andl",@_); }
+sub main'or { &out2("orl",@_); }
+sub main'shl { &out2("sall",@_); }
+sub main'shr { &out2("shrl",@_); }
+sub main'xor { &out2("xorl",@_); }
+sub main'xorb { &out2("xorb",@_); }
+sub main'add { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); }
+sub main'adc { &out2("adcl",@_); }
+sub main'sub { &out2("subl",@_); }
+sub main'sbb { &out2("sbbl",@_); }
+sub main'rotl { &out2("roll",@_); }
+sub main'rotr { &out2("rorl",@_); }
+sub main'exch { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); }
+sub main'cmp { &out2("cmpl",@_); }
+sub main'lea { &out2("leal",@_); }
+sub main'mul { &out1("mull",@_); }
+sub main'imul { &out2("imull",@_); }
+sub main'div { &out1("divl",@_); }
+sub main'jmp { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je { &out1("je",@_); }
+sub main'jle { &out1("jle",@_); }
+sub main'jne { &out1("jne",@_); }
+sub main'jnz { &out1("jnz",@_); }
+sub main'jz { &out1("jz",@_); }
+sub main'jge { &out1("jge",@_); }
+sub main'jl { &out1("jl",@_); }
+sub main'ja { &out1("ja",@_); }
+sub main'jae { &out1("jae",@_); }
+sub main'jb { &out1("jb",@_); }
+sub main'jbe { &out1("jbe",@_); }
+sub main'jc { &out1("jc",@_); }
+sub main'jnc { &out1("jnc",@_); }
+sub main'jno { &out1("jno",@_); }
+sub main'dec { &out1("decl",@_); }
+sub main'inc { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); }
+sub main'push { &out1("pushl",@_); $stack+=4; }
+sub main'pop { &out1("popl",@_); $stack-=4; }
+sub main'pushf { &out0("pushfl"); $stack+=4; }
+sub main'popf { &out0("popfl"); $stack-=4; }
+sub main'not { &out1("notl",@_); }
+sub main'call { my $pre=$under;
+ foreach $i (%label)
+ { if ($label{$i} eq $_[0]) { $pre=''; last; } }
+ &out1("call",$pre.$_[0]);
+ }
+sub main'call_ptr { &out1p("call",@_); }
+sub main'ret { &out0("ret"); }
+sub main'nop { &out0("nop"); }
+sub main'test { &out2("testl",@_); }
+sub main'bt { &out2("btl",@_); }
+sub main'leave { &out0("leave"); }
+sub main'cpuid { &out0(".byte\t0x0f,0xa2"); }
+sub main'rdtsc { &out0(".byte\t0x0f,0x31"); }
+sub main'halt { &out0("hlt"); }
+sub main'movz { &out2("movzbl",@_); }
+sub main'neg { &out1("negl",@_); }
+sub main'cld { &out0("cld"); }
+
+# SSE2
+sub main'emms { &out0("emms"); }
+sub main'movd { &out2("movd",@_); }
+sub main'movdqu { &out2("movdqu",@_); }
+sub main'movdqa { &out2("movdqa",@_); }
+sub main'movdq2q{ &out2("movdq2q",@_); }
+sub main'movq2dq{ &out2("movq2dq",@_); }
+sub main'paddq { &out2("paddq",@_); }
+sub main'pmuludq{ &out2("pmuludq",@_); }
+sub main'psrlq { &out2("psrlq",@_); }
+sub main'psllq { &out2("psllq",@_); }
+sub main'pxor { &out2("pxor",@_); }
+sub main'por { &out2("por",@_); }
+sub main'pand { &out2("pand",@_); }
+sub main'movq {
+ local($p1,$p2,$optimize)=@_;
+ if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
+ # movq between mmx registers can sink Intel CPUs
+ { push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n"); }
+ else { &out2("movq",@_); }
+ }
+
+# The bswapl instruction is new for the 486. Emulate if i386.
+sub main'bswap
+ {
+ if ($main'i386)
+ {
+ &main'comment("bswapl @_");
+ &main'exch(main'HB(@_),main'LB(@_));
+ &main'rotr(@_,16);
+ &main'exch(main'HB(@_),main'LB(@_));
+ }
+ else
+ {
+ &out1("bswapl",@_);
+ }
+ }
+
+sub out2
+ {
+ local($name,$p1,$p2)=@_;
+ local($l,$ll,$t);
+ local(%special)=( "roll",0xD1C0,"rorl",0xD1C8,
+ "rcll",0xD1D0,"rcrl",0xD1D8,
+ "shll",0xD1E0,"shrl",0xD1E8,
+ "sarl",0xD1F8);
+
+ if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+ {
+ $op=$special{$name}|$reg_val{$p1};
+ $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+ $tmp2=sprintf(".byte %d\t",$op &0xff);
+ push(@out,$tmp1);
+ push(@out,$tmp2);
+
+ $p2=&conv($p2);
+ $p1=&conv($p1);
+ &main'comment("$name $p2 $p1");
+ return;
+ }
+
+ push(@out,"\t$name\t");
+ $t=&conv($p2).",";
+ $l=length($t);
+ push(@out,$t);
+ $ll=4-($l+9)/8;
+ $tmp1=sprintf("\t" x $ll);
+ push(@out,$tmp1);
+ push(@out,&conv($p1)."\n");
+ }
+
+sub out1
+ {
+ local($name,$p1)=@_;
+ local($l,$t);
+ local(%special)=("bswapl",0x0FC8);
+
+ if ((defined($special{$name})) && defined($regs{$p1}))
+ {
+ $op=$special{$name}|$reg_val{$p1};
+ $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+ $tmp2=sprintf(".byte %d\t",$op &0xff);
+ push(@out,$tmp1);
+ push(@out,$tmp2);
+
+ $p2=&conv($p2);
+ $p1=&conv($p1);
+ &main'comment("$name $p2 $p1");
+ return;
+ }
+
+ push(@out,"\t$name\t".&conv($p1)."\n");
+ }
+
+sub out1p
+ {
+ local($name,$p1)=@_;
+ local($l,$t);
+
+ push(@out,"\t$name\t*".&conv($p1)."\n");
+ }
+
+sub out0
+ {
+ push(@out,"\t$_[0]\n");
+ }
+
+sub conv
+ {
+ local($p)=@_;
+
+# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+
+ $p=$regs{$p} if (defined($regs{$p}));
+
+ $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
+ $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+ return $p;
+ }
+
+sub main'file
+ {
+ local($file)=@_;
+
+ local($tmp)=<<"EOF";
+ .file "$file.s"
+EOF
+ push(@out,$tmp);
+ }
+
+sub main'function_begin
+ {
+ local($func)=@_;
+
+ &main'external_label($func);
+ $func=$under.$func;
+
+ local($tmp)=<<"EOF";
+.text
+.globl $func
+EOF
+ push(@out,$tmp);
+ if ($main'cpp)
+ { $tmp=push(@out,"TYPE($func,\@function)\n"); }
+ elsif ($main'coff)
+ { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
+ elsif ($main'aout and !$main'pic)
+ { }
+ else { $tmp=push(@out,".type\t$func,\@function\n"); }
+ push(@out,".align\t$align\n");
+ push(@out,"$func:\n");
+ $tmp=<<"EOF";
+ pushl %ebp
+ pushl %ebx
+ pushl %esi
+ pushl %edi
+
+EOF
+ push(@out,$tmp);
+ $stack=20;
+ }
+
+sub main'function_begin_B
+ {
+ local($func,$extra)=@_;
+
+ &main'external_label($func);
+ $func=$under.$func;
+
+ local($tmp)=<<"EOF";
+.text
+.globl $func
+EOF
+ push(@out,$tmp);
+ if ($main'cpp)
+ { push(@out,"TYPE($func,\@function)\n"); }
+ elsif ($main'coff)
+ { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
+ elsif ($main'aout and !$main'pic)
+ { }
+ else { push(@out,".type $func,\@function\n"); }
+ push(@out,".align\t$align\n");
+ push(@out,"$func:\n");
+ $stack=4;
+ }
+
+sub main'function_end
+ {
+ local($func)=@_;
+
+ $func=$under.$func;
+
+ local($tmp)=<<"EOF";
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+${dot}L_${func}_end:
+EOF
+ push(@out,$tmp);
+
+ if ($main'cpp)
+ { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }
+ elsif ($main'coff or $main'aout)
+ { }
+ else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
+ push(@out,".ident \"$func\"\n");
+ $stack=0;
+ %label=();
+ }
+
+sub main'function_end_A
+ {
+ local($func)=@_;
+
+ local($tmp)=<<"EOF";
+ popl %edi
+ popl %esi
+ popl %ebx
+ popl %ebp
+ ret
+EOF
+ push(@out,$tmp);
+ }
+
+sub main'function_end_B
+ {
+ local($func)=@_;
+
+ $func=$under.$func;
+
+ push(@out,"${dot}L_${func}_end:\n");
+ if ($main'cpp)
+ { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); }
+ elsif ($main'coff or $main'aout)
+ { }
+ else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
+ push(@out,".ident \"$func\"\n");
+ $stack=0;
+ %label=();
+ }
+
+sub main'wparam
+ {
+ local($num)=@_;
+
+ return(&main'DWP($stack+$num*4,"esp","",0));
+ }
+
+sub main'stack_push
+ {
+ local($num)=@_;
+ $stack+=$num*4;
+ &main'sub("esp",$num*4);
+ }
+
+sub main'stack_pop
+ {
+ local($num)=@_;
+ $stack-=$num*4;
+ &main'add("esp",$num*4);
+ }
+
+sub main'swtmp
+ {
+ return(&main'DWP($_[0]*4,"esp","",0));
+ }
+
+# Should use swtmp, which is above esp. Linix can trash the stack above esp
+#sub main'wtmp
+# {
+# local($num)=@_;
#
-sub ::movz { &::movzb(@_); }
-sub ::pushf { &::pushfl; }
-sub ::popf { &::popfl; }
-sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); }
-sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); }
-
-sub ::call { &::emit("call",(&islabel($_[0]) or "$under$_[0]")); }
-sub ::call_ptr { &::generic("call","*$_[0]"); }
-sub ::jmp_ptr { &::generic("jmp","*$_[0]"); }
-
-*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386);
-
-# chosen SSE instructions
-sub ::movq
-{ my($p1,$p2,$optimize)=@_;
- if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
- # movq between mmx registers can sink Intel CPUs
- { &::pshufw($p1,$p2,0xe4); }
- else
- { &::generic("movq",@_); }
-}
-sub ::pshufw
-{ my($dst,$src,$magic)=@_;
- &::emit("pshufw","\$$magic","%$src","%$dst");
-}
-
-sub ::DWP
-{ my($addr,$reg1,$reg2,$idx)=@_;
- my $ret="";
-
- $addr =~ s/^\s+//;
- # prepend global references with optional underscore
- $addr =~ s/^([^\+\-0-9][^\+\-]*)/islabel($1) or "$under$1"/ige;
-
- $reg1 = "%$reg1" if ($reg1);
- $reg2 = "%$reg2" if ($reg2);
-
- $ret .= $addr if (($addr ne "") && ($addr ne 0));
-
- if ($reg2)
- { $idx!= 0 or $idx=1;
- $ret .= "($reg1,$reg2,$idx)";
- }
- elsif ($reg1)
- { $ret .= "($reg1)"; }
-
- $ret;
-}
-sub ::QWP { &::DWP(@_); }
-sub ::BP { &::DWP(@_); }
-sub ::BC { @_; }
-sub ::DWC { @_; }
-
-sub ::file
-{ push(@out,".file\t\"$_[0].s\"\n"); }
-
-sub ::function_begin_B
-{ my($func,$extra)=@_;
- my $tmp;
-
- &::external_label($func);
- $func=$under.$func;
-
- push(@out,".text\n.globl\t$func\n");
- if ($::coff)
- { push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
- elsif ($::aout and !$::pic)
- { }
- else
- { push(@out,".type $func,\@function\n"); }
- push(@out,".align\t$align\n");
- push(@out,"$func:\n");
- $::stack=4;
-}
-
-sub ::function_end_B
-{ my($func)=@_;
-
- $func=$under.$func;
- push(@out,"${dot}L_${func}_end:\n");
- if ($::elf)
- { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); }
- $::stack=0;
- %label=();
-}
-
-sub ::comment
- {
- if (!defined($com_start) or $::elf)
- { # Regarding $::elf above...
+# return(&main'DWP(-($num+1)*4,"esp","",0));
+# }
+
+sub main'comment
+ {
+ if (!defined($com_start) or $main'elf)
+ { # Regarding $main'elf above...
# GNU and SVR4 as'es use different comment delimiters,
push(@out,"\n"); # so we just skip ELF comments...
return;
}
}
-sub islabel # see is argument is a known label
-{ my $i;
- foreach $i (%label) { return $label{$i} if ($label{$i} eq $_[0]); }
- undef;
-}
-
-sub ::external_label { push(@labels,@_); }
-
-sub ::public_label
-{ $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
- push(@out,".globl\t$label{$_[0]}\n");
-}
-
-sub ::label
-{ if (!defined($label{$_[0]}))
- { $label{$_[0]}="${dot}${label}${_[0]}"; $label++; }
- $label{$_[0]};
-}
-
-sub ::set_label
-{ my $label=&::label($_[0]);
- &::align($_[1]) if ($_[1]>1);
- push(@out,"$label:\n");
-}
-
-sub ::file_end
-{ # try to detect if SSE2 or MMX extensions were used on ELF platform...
- if ($::elf && grep {/\b%[x]?mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) {
-
- push (@out,"\n.section\t.bss\n");
- push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");
-
- return; # below is not needed in OpenSSL context
-
- push (@out,".section\t.init\n");
- &::picmeup("edx","OPENSSL_ia32cap_P");
- # $1<<10 sets a reserved bit to signal that variable
- # was initialized already...
- my $code=<<___;
- cmpl \$0,(%edx)
- jne 3f
- movl \$1<<10,(%edx)
- pushf
- popl %eax
- movl %eax,%ecx
- xorl \$1<<21,%eax
- pushl %eax
- popf
- pushf
- popl %eax
- xorl %ecx,%eax
- btl \$21,%eax
- jnc 3f
- pushl %ebp
- pushl %edi
- pushl %ebx
- movl %edx,%edi
- xor %eax,%eax
- .byte 0x0f,0xa2
- xorl %eax,%eax
- cmpl $1970169159,%ebx
- setne %al
- movl %eax,%ebp
- cmpl $1231384169,%edx
- setne %al
- orl %eax,%ebp
- cmpl $1818588270,%ecx
- setne %al
- orl %eax,%ebp
- movl $1,%eax
- .byte 0x0f,0xa2
- cmpl $0,%ebp
- jne 1f
- andb $15,%ah
- cmpb $15,%ah
- jne 1f
- orl $1048576,%edx
-1: btl $28,%edx
- jnc 2f
- shrl $16,%ebx
- cmpb $1,%bl
- ja 2f
- andl $4026531839,%edx
-2: orl \$1<<10,%edx
- movl %edx,0(%edi)
- popl %ebx
- popl %edi
- popl %ebp
- jmp 3f
- .align $align
- 3:
-___
- push (@out,$code);
- }
-}
-
-sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); }
-sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); }
-
-sub ::align
-{ my $val=$_[0],$p2,$i;
- if ($::aout)
- { for ($p2=0;$val!=0;$val>>=1) { $p2++; }
- $val=$p2-1;
- $val.=",0x90";
- }
- push(@out,".align\t$val\n");
-}
-
-sub ::picmeup
-{ my($dst,$sym,$base,$reflabel)=@_;
-
- if ($::pic && ($::elf || $::aout))
- { if (!defined($base))
- { &::call(&::label("PIC_me_up"));
- &::set_label("PIC_me_up");
- &::blindpop($dst);
- &::add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".
- &::label("PIC_me_up") . "]");
+sub main'public_label
+ {
+ $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+ push(@out,".globl\t$label{$_[0]}\n");
+ }
+
+sub main'label
+ {
+ if (!defined($label{$_[0]}))
+ {
+ $label{$_[0]}="${dot}${label}${_[0]}";
+ $label++;
+ }
+ return($label{$_[0]});
+ }
+
+sub main'set_label
+ {
+ if (!defined($label{$_[0]}))
+ {
+ $label{$_[0]}="${dot}${label}${_[0]}";
+ $label++;
+ }
+ if ($_[1]!=0)
+ {
+ if ($_[1]>1) { main'align($_[1]); }
+ else { push(@out,".align $align\n"); }
+ }
+ push(@out,"$label{$_[0]}:\n");
+ }
+
+sub main'file_end
+ {
+ # try to detect if SSE2 or MMX extensions were used on ELF platform...
+ if ($main'elf && grep {/\b%[x]*mm[0-7]\b|OPENSSL_ia32cap_P\b/i} @out) {
+ local($tmp);
+
+ push (@out,"\n.section\t.bss\n");
+ push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n");
+
+ return;
+ }
+
+ if ($const ne "")
+ {
+ push(@out,".section .rodata\n");
+ push(@out,$const);
+ $const="";
+ }
+ }
+
+sub main'data_byte
+ {
+ push(@out,"\t.byte\t".join(',',@_)."\n");
+ }
+
+sub main'data_word
+ {
+ push(@out,"\t.long\t".join(',',@_)."\n");
+ }
+
+sub main'align
+ {
+ my $val=$_[0],$p2,$i;
+ if ($main'aout) {
+ for ($p2=0;$val!=0;$val>>=1) { $p2++; }
+ $val=$p2-1;
+ $val.=",0x90";
+ }
+ push(@out,".align\t$val\n");
+ }
+
+# debug output functions: puts, putx, printf
+
+sub main'puts
+ {
+ &pushvars();
+ &main'push('$Lstring' . ++$constl);
+ &main'call('puts');
+ $stack-=4;
+ &main'add("esp",4);
+ &popvars();
+
+ $const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";
+ }
+
+sub main'putx
+ {
+ &pushvars();
+ &main'push($_[0]);
+ &main'push('$Lstring' . ++$constl);
+ &main'call('printf');
+ &main'add("esp",8);
+ $stack-=8;
+ &popvars();
+
+ $const .= "Lstring$constl:\n\t.string \"\%X\"\n";
+ }
+
+sub main'printf
+ {
+ $ostack = $stack;
+ &pushvars();
+ for ($i = @_ - 1; $i >= 0; $i--)
+ {
+ if ($i == 0) # change this to support %s format strings
+ {
+ &main'push('$Lstring' . ++$constl);
+ $const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";
+ }
+ else
+ {
+ if ($_[$i] =~ /([0-9]*)\(%esp\)/)
+ {
+ &main'push(($1 + $stack - $ostack) . '(%esp)');
+ }
+ else
+ {
+ &main'push($_[$i]);
+ }
+ }
+ }
+ &main'call('printf');
+ $stack-=4*@_;
+ &main'add("esp",4*@_);
+ &popvars();
+ }
+
+sub pushvars
+ {
+ &main'pushf();
+ &main'push("edx");
+ &main'push("ecx");
+ &main'push("eax");
+ }
+
+sub popvars
+ {
+ &main'pop("eax");
+ &main'pop("ecx");
+ &main'pop("edx");
+ &main'popf();
}
+
+sub main'picmeup
+ {
+ local($dst,$sym)=@_;
+ if ($main'cpp)
+ {
+ local($tmp)=<<___;
+#if (defined(ELF) || defined(SOL)) && defined(PIC)
+ call 1f
+1: popl $regs{$dst}
+ addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst}
+ movl $sym\@GOT($regs{$dst}),$regs{$dst}
+#else
+ leal $sym,$regs{$dst}
+#endif
+___
+ push(@out,$tmp);
+ }
+ elsif ($main'pic && ($main'elf || $main'aout))
+ {
+ &main'call(&main'label("PIC_me_up"));
+ &main'set_label("PIC_me_up");
+ &main'blindpop($dst);
+ &main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-".
+ &main'label("PIC_me_up") . "]");
+ &main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst));
+ }
else
- { &::lea($dst,&::DWP("${under}_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
- $base));
+ {
+ &main'lea($dst,&main'DWP($sym));
+ }
}
- &::mov($dst,&::DWP($under.$sym."\@GOT",$dst));
- }
- else
- { &::lea($dst,&::DWP($sym)); }
-}
-sub ::initseg
-{ my($f)=@_;
- my($tmp,$ctor);
+sub main'blindpop { &out1("popl",@_); }
- if ($::elf)
- { $tmp=<<___;
+sub main'initseg
+ {
+ local($f)=@_;
+ local($tmp);
+ if ($main'elf)
+ {
+ $tmp=<<___;
.section .init
call $under$f
jmp .Linitalign
.align $align
.Linitalign:
___
- }
- elsif ($::coff)
- { $tmp=<<___; # applies to both Cygwin and Mingw
+ }
+ elsif ($main'coff)
+ {
+ $tmp=<<___; # applies to both Cygwin and Mingw
.section .ctors
.long $under$f
___
- }
- elsif ($::aout)
- { $ctor="${under}_GLOBAL_\$I\$$f";
- $tmp=".text\n";
- $tmp.=".type $ctor,\@function\n" if ($::pic);
- $tmp.=<<___; # OpenBSD way...
+ }
+ elsif ($main'aout)
+ {
+ local($ctor)="${under}_GLOBAL_\$I\$$f";
+ $tmp=".text\n";
+ $tmp.=".type $ctor,\@function\n" if ($main'pic);
+ $tmp.=<<___; # OpenBSD way...
.globl $ctor
.align 2
$ctor:
jmp $under$f
___
- }
- push(@out,$tmp) if ($tmp);
-}
+ }
+ push(@out,$tmp) if ($tmp);
+ }
1;
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
}
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
- char eol;
- int len;
- char linebuf[MAX_SMLEN];
- if(flags & PKCS7_BINARY) {
- while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
- BIO_write(out, linebuf, len);
- return 1;
- }
- if(flags & PKCS7_TEXT)
- BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
- while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
- eol = strip_eol(linebuf, &len);
- if (len)
- BIO_write(out, linebuf, len);
- if(eol) BIO_write(out, "\r\n", 2);
- }
- return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
- char iobuf[4096];
- int len;
- STACK_OF(MIME_HEADER) *headers;
- MIME_HEADER *hdr;
-
- if (!(headers = mime_parse_hdr(in))) {
- PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
- return 0;
- }
- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
- PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- return 0;
- }
- if (strcmp (hdr->value, "text/plain")) {
- PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
- ERR_add_error_data(2, "type: ", hdr->value);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- return 0;
- }
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
- BIO_write(out, iobuf, len);
- return 1;
-}
-
/* Split a multipart/XXX message body into component parts: result is
* canonical parts in a STACK of bios
*/
#include <openssl/crypto.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#ifdef BN_DEBUG
# define PREDICT
#include "cryptlib.h"
#include "rand_lcl.h"
#include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include <openssl/fips_rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#include "cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include <openssl/fips_rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#include <openssl/rc2.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "rc2_locl.h"
static unsigned char key_table[256]={
&movz ($ty,&BP(0,$d,$ty));
&add (&LB($x),1);
&xorb (&LB($ty),&BP(0,$in));
- &lea ($in,&BP(1,$in));
+ &lea ($in,&DWP(1,$in));
&movz ($tx,&BP(0,$d,$x));
&cmp ($in,&swtmp(2));
&movb (&BP(0,$out),&LB($ty));
- &lea ($out,&BP(1,$out));
+ &lea ($out,&DWP(1,$out));
&jb (&label("RC4_CHAR_loop"));
&set_label("finished");
#
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
#
# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
# is not implemented, then this final RC4_CHAR code-path should be
# preferred, as it provides better *all-round* performance].
+# Intel Core2 was observed to perform poorly on both code paths:-( It
+# apparently suffers from some kind of partial register stall, which
+# occurs in 64-bit mode only [as virtually identical 32-bit loop was
+# observed to outperform 64-bit one by almost 50%]. Adding two movzb to
+# cloop1 boosts its performance by 80%! This loop appears to be optimal
+# fit for Core2 and therefore the code was modified to skip cloop8 on
+# this CPU.
+
$output=shift;
-open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output";
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $output";
$dat="%rdi"; # arg1
$len="%rsi"; # arg2
movzb ($dat,$XX[0]),$TX[0]#d
test \$-8,$len
jz .Lcloop1
+ cmp \$0,260($dat)
+ jnz .Lcloop1
push %rbx
jmp .Lcloop8
.align 16
movb $TY#b,($dat,$XX[0])
add $TX[0]#b,$TY#b
add \$1,$XX[0]#b
+ movzb $TY#b,$TY#d
+ movzb $XX[0]#b,$XX[0]#d
movzb ($dat,$TY),$TY#d
movzb ($dat,$XX[0]),$TX[0]#d
xorb ($inp),$TY#b
.size RC4,.-RC4
___
+$idx="%r8";
+$ido="%r9";
+
+$code.=<<___;
+.extern OPENSSL_ia32cap_P
+.globl RC4_set_key
+.type RC4_set_key,\@function,3
+.align 16
+RC4_set_key:
+ lea 8($dat),$dat
+ lea ($inp,$len),$inp
+ neg $len
+ mov $len,%rcx
+ xor %eax,%eax
+ xor $ido,$ido
+ xor %r10,%r10
+ xor %r11,%r11
+
+ mov OPENSSL_ia32cap_P(%rip),$idx#d
+ bt \$20,$idx#d
+ jnc .Lw1stloop
+ bt \$30,$idx#d
+ setc $ido#b
+ mov $ido#d,260($dat)
+ jmp .Lc1stloop
+
+.align 16
+.Lw1stloop:
+ mov %eax,($dat,%rax,4)
+ add \$1,%al
+ jnc .Lw1stloop
+
+ xor $ido,$ido
+ xor $idx,$idx
+.align 16
+.Lw2ndloop:
+ mov ($dat,$ido,4),%r10d
+ add ($inp,$len,1),$idx#b
+ add %r10b,$idx#b
+ add \$1,$len
+ mov ($dat,$idx,4),%r11d
+ cmovz %rcx,$len
+ mov %r10d,($dat,$idx,4)
+ mov %r11d,($dat,$ido,4)
+ add \$1,$ido#b
+ jnc .Lw2ndloop
+ jmp .Lexit_key
+
+.align 16
+.Lc1stloop:
+ mov %al,($dat,%rax)
+ add \$1,%al
+ jnc .Lc1stloop
+
+ xor $ido,$ido
+ xor $idx,$idx
+.align 16
+.Lc2ndloop:
+ mov ($dat,$ido),%r10b
+ add ($inp,$len),$idx#b
+ add %r10b,$idx#b
+ add \$1,$len
+ mov ($dat,$idx),%r11b
+ jnz .Lcnowrap
+ mov %rcx,$len
+.Lcnowrap:
+ mov %r10b,($dat,$idx)
+ mov %r11b,($dat,$ido)
+ add \$1,$ido#b
+ jnc .Lc2ndloop
+ movl \$-1,256($dat)
+
+.align 16
+.Lexit_key:
+ xor %eax,%eax
+ mov %eax,-8($dat)
+ mov %eax,-4($dat)
+ ret
+.size RC4_set_key,.-RC4_set_key
+
+.globl RC4_options
+.type RC4_options,\@function,0
+.align 16
+RC4_options:
+ .picmeup %rax
+ lea .Lopts-.(%rax),%rax
+ mov OPENSSL_ia32cap_P(%rip),%edx
+ bt \$20,%edx
+ jnc .Ldone
+ add \$12,%rax
+ bt \$30,%edx
+ jnc .Ldone
+ add \$13,%rax
+.Ldone:
+ ret
+.align 64
+.Lopts:
+.asciz "rc4(8x,int)"
+.asciz "rc4(8x,char)"
+.asciz "rc4(1x,char)"
+.asciz "RC4 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align 64
+.size RC4_options,.-RC4_options
+___
+
$code =~ s/#([bwd])/$1/gm;
print $code;
#include "rc4_locl.h"
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
#include <openssl/crypto.h>
#include <openssl/rc5.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include "rc5_locl.h"
#ifdef OPENSSL_FIPS
#include "rmd_locl.h"
#include <openssl/opensslv.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
#define SHA_1
#include <openssl/opensslv.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
#include <openssl/crypto.h>
#include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include <openssl/opensslv.h>
const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
* ====================================================================
*/
#include <openssl/opensslconf.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
/*
* IMPLEMENTATION NOTES.
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#include <openssl/err.h>
#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
#define SKM_sk_push(type, st,val) \
sk_push(st, (char *)val)
#define SKM_sk_unshift(type, st,val) \
- sk_unshift(st, val)
+ sk_unshift(st, (char *)val)
#define SKM_sk_find(type, st,val) \
sk_find(st, (char *)val)
#define SKM_sk_delete(type, st,i) \
#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
+#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
+#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
+#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
+#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
+#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
+#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
+#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
+#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
+#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
+#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
+#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
+#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
+
+#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
+#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
+#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
+#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
+#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
+#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
+#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
+#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
+#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
+#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
+#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
+#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
+
+#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
+#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
+#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
+#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
+#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
+#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
+#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
+#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
+#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
+#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
+#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
+#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
+
+#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
+#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
+#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
+#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
+#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
+#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
+#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
+#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
+#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
+#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
+#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
+#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
+
#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
+#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
+#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
+#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
+#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
+#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
+#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
+#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
+#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
+#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
+#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
+#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
+#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
+
#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
ASN1_TYPE *parameter;
} /* X509_ALGOR */;
-DECLARE_STACK_OF(X509_ALGOR)
DECLARE_ASN1_SET_OF(X509_ALGOR)
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
typedef struct X509_val_st
{
ASN1_TIME *notBefore;
X509_CRL *X509_CRL_dup(X509_CRL *crl);
X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+ X509_ALGOR *algor);
+
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
DECLARE_ASN1_FUNCTIONS(X509_VAL)
DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
const char *attrname, int type,
const unsigned char *bytes, int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+ ASN1_OBJECT *obj, int lastpos, int type);
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
int atrtype, const void *data, int len);
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
{
- if (!x) return 0;
- return(sk_X509_ATTRIBUTE_num(x));
+ return sk_X509_ATTRIBUTE_num(x);
}
int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
return ret;
}
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+ ASN1_OBJECT *obj, int lastpos, int type)
+{
+ int i;
+ X509_ATTRIBUTE *at;
+ i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+ if (i == -1)
+ return NULL;
+ if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+ return NULL;
+ at = X509at_get_attr(x, i);
+ if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+ return NULL;
+ return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+}
+
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
int atrtype, const void *data, int len)
{
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
{
ASN1_TYPE *ttmp;
- ASN1_STRING *stmp;
- int atype;
+ ASN1_STRING *stmp = NULL;
+ int atype = 0;
if (!attr) return 0;
if(attrtype & MBSTRING_FLAG) {
stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
return 0;
}
atype = stmp->type;
- } else {
+ } else if (len != -1){
if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
if(!ASN1_STRING_set(stmp, data, len)) goto err;
atype = attrtype;
}
if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
if(!(ttmp = ASN1_TYPE_new())) goto err;
+ if ((len == -1) && !(attrtype & MBSTRING_FLAG))
+ {
+ if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ goto err;
+ }
+ else
+ ASN1_TYPE_set(ttmp, atype, stmp);
if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
attr->single = 0;
- ASN1_TYPE_set(ttmp, atype, stmp);
return 1;
err:
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
and \$15,%ah
cmp \$15,%ah # examine Family ID
je .Lnotintel
- or \$0x40000000,%edx # use reserved 30th bit to skip unrolled loop
+ or \$0x40000000,%edx # use reserved bit to skip unrolled loop
.Lnotintel:
bt \$28,%edx # test hyper-threading bit
jnc .Ldone
&cpuid ();
&xor ("eax","eax");
&cmp ("ebx",0x756e6547); # "Genu"
- &setne (&LB("eax"));
+ &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax"));
&mov ("ebp","eax");
&cmp ("edx",0x49656e69); # "ineI"
- &setne (&LB("eax"));
+ &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax"));
&or ("ebp","eax");
&cmp ("ecx",0x6c65746e); # "ntel"
- &setne (&LB("eax"));
+ &data_byte(0x0f,0x95,0xc0); #&setne (&LB("eax"));
&or ("ebp","eax");
&mov ("eax",1);
&cpuid ();
&cmp ("ebp",0);
&jne (&label("notP4"));
- &and (&HB("eax"),15); # familiy ID
- &cmp (&HB("eax"),15); # P4?
+ &and ("eax",15<<8); # familiy ID
+ &cmp ("eax",15<<8); # P4?
&jne (&label("notP4"));
&or ("edx",1<<20); # use reserved bit to engage RC4_CHAR
&set_label("notP4");
&bt ("edx",28); # test hyper-threading bit
&jnc (&label("done"));
&shr ("ebx",16);
- &cmp (&LB("ebx"),1); # see if cache is shared(*)
+ &and ("ebx",0xff);
+ &cmp ("ebx",1); # see if cache is shared(*)
&ja (&label("done"));
&and ("edx",0xefffffff); # clear hyper-threading bit if not
&set_label("done");
[B<-verify filename>]
[B<-prverify filename>]
[B<-signature filename>]
+[B<-hmac key>]
[B<file...>]
[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
the actual signature to verify.
+=item B<-hmac key>
+
+create a hashed MAC using "key".
+
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
[B<-context id>]
[B<-verify depth>]
[B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key keyfile>]
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
=item B<-CApath directory>
The directory to use for client certificate verification. This directory
the issuer certificate could not be found: this occurs if the issuer certificate
of an untrusted certificate cannot be found.
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
the CRL of a certificate could not be found. Unused.
(c-add-style "eay"
'((c-basic-offset . 8)
+ (indent-tabs-mode . t)
(c-comment-only-line-offset . 0)
(c-hanging-braces-alist)
(c-offsets-alist . ((defun-open . +)
This specifies the format of the ultimate value. It should be followed
by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>.
-If no format specifier is included then B<ASCII> is used. If B<UTF8> is specified
-then the value string must be a valid B<UTF8> string. For B<HEX> the output must
-be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a
-comma separated list of set bits.
+If no format specifier is included then B<ASCII> is used. If B<UTF8> is
+specified then the value string must be a valid B<UTF8> string. For B<HEX> the
+output must be a set of hex digits. B<BITLIST> (which is only valid for a BIT
+STRING) is a comma separated list of the indices of the set bits, all other
+bits are zero.
=back
EXPLICIT:0A,IA5STRING:Hello World
+A BITSTRING with bits 1 and 5 set and all others zero:
+
+ FORMAT=BITLIST,BITSTRING:1,5
+
A more complex example using a config file to produce a
SEQUENCE consiting of a BOOL an OID and a UTF8String:
APPS=
LIB=$(TOP)/libcrypto.a
-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec
+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi
LIBSRC= e_4758cca.c \
e_aep.c \
e_chil.c \
e_nuron.c \
e_sureware.c \
- e_ubsec.c
+ e_ubsec.c \
+ e_capi.c
LIBOBJ= e_4758cca.o \
e_aep.o \
e_atalla.o \
e_chil.o \
e_nuron.o \
e_sureware.o \
- e_ubsec.o
+ e_ubsec.o \
+ e_capi.o
SRC= $(LIBSRC)
e_chil_err.c e_chil_err.h \
e_nuron_err.c e_nuron_err.h \
e_sureware_err.c e_sureware_err.h \
- e_ubsec_err.c e_ubsec_err.h
+ e_ubsec_err.c e_ubsec_err.h \
+ e_capi_err.c e_capi_err.h
ALL= $(GENERAL) $(SRC) $(HEADER)
e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_4758cca.o: ../include/openssl/evp.h ../include/openssl/fips.h
-e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_4758cca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c
-e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h
+e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h
+e_4758cca.o: vendor_defns/hw_4758_cca.h
e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
-e_chil.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h
-e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h
-e_chil.o: vendor_defns/hwcryptohook.h
+e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c
+e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h
e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_sureware.o: ../include/openssl/evp.h ../include/openssl/fips.h
-e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_sureware.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c
-e_sureware.o: e_sureware_err.h vendor_defns/sureware.h
+e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h
+e_sureware.o: vendor_defns/sureware.h
e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
#ifndef HEADER_CCA4758_ERR_H
#define HEADER_CCA4758_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
typedef int pid_t;
#endif
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+#define getpid GetThreadID
+extern int GetThreadID(void);
+#endif
+
#include <openssl/crypto.h>
#include <openssl/dso.h>
#include <openssl/engine.h>
#ifndef HEADER_AEPHK_ERR_H
#define HEADER_AEPHK_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#ifndef HEADER_ATALLA_ERR_H
#define HEADER_ATALLA_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
--- /dev/null
+/* engines/e_capi.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_NO_CAPIENG
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#undef X509_EXTENSIONS
+#undef X509_CERT_PAIR
+
+#include <openssl/engine.h>
+#include <openssl/pem.h>
+
+#include "e_capi_err.h"
+#include "e_capi_err.c"
+
+
+static const char *engine_capi_id = "capi";
+static const char *engine_capi_name = "CryptoAPI ENGINE";
+
+typedef struct CAPI_CTX_st CAPI_CTX;
+typedef struct CAPI_KEY_st CAPI_KEY;
+
+static void capi_addlasterror(void);
+static void capi_adderror(DWORD err);
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY *key);
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore);
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+static int capi_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_free(RSA *rsa);
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+ DSA *dsa);
+static int capi_dsa_free(DSA *dsa);
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+#ifdef OPENSSL_CAPIENG_DIALOG
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+#endif
+
+typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
+ LPCWSTR, DWORD, DWORD,
+ void *);
+typedef HWND (WINAPI *GETCONSWIN)(void);
+
+/* This structure contains CAPI ENGINE specific data:
+ * it contains various global options and affects how
+ * other functions behave.
+ */
+
+#define CAPI_DBG_TRACE 2
+#define CAPI_DBG_ERROR 1
+
+struct CAPI_CTX_st {
+ int debug_level;
+ char *debug_file;
+ /* Parameters to use for container lookup */
+ DWORD keytype;
+ LPTSTR cspname;
+ DWORD csptype;
+ /* Certificate store name to use */
+ LPTSTR storename;
+ LPTSTR ssl_client_store;
+
+/* Lookup string meanings in load_private_key */
+/* Substring of subject: uses "storename" */
+#define CAPI_LU_SUBSTR 0
+/* Friendly name: uses storename */
+#define CAPI_LU_FNAME 1
+/* Container name: uses cspname, keytype */
+#define CAPI_LU_CONTNAME 2
+ int lookup_method;
+/* Info to dump with dumpcerts option */
+/* Issuer and serial name strings */
+#define CAPI_DMP_SUMMARY 0x1
+/* Friendly name */
+#define CAPI_DMP_FNAME 0x2
+/* Full X509_print dump */
+#define CAPI_DMP_FULL 0x4
+/* Dump PEM format certificate */
+#define CAPI_DMP_PEM 0x8
+/* Dump pseudo key (if possible) */
+#define CAPI_DMP_PSKEY 0x10
+/* Dump key info (if possible) */
+#define CAPI_DMP_PKEYINFO 0x20
+
+ DWORD dump_flags;
+ int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+
+ CERTDLG certselectdlg;
+ GETCONSWIN getconswindow;
+};
+
+
+static CAPI_CTX *capi_ctx_new();
+static void capi_ctx_free(CAPI_CTX *ctx);
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
+
+#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE
+#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1)
+#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2)
+#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3)
+#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4)
+#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5)
+#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6)
+#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7)
+#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8)
+#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9)
+#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
+#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
+#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
+
+static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
+ {CAPI_CMD_LIST_CERTS,
+ "list_certs",
+ "List all certificates in store",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_LOOKUP_CERT,
+ "lookup_cert",
+ "Lookup and output certificates",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_DEBUG_LEVEL,
+ "debug_level",
+ "debug level (1=errors, 2=trace)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_DEBUG_FILE,
+ "debug_file",
+ "debugging filename)",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_KEYTYPE,
+ "key_type",
+ "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LIST_CSPS,
+ "list_csps",
+ "List all CSPs",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_SET_CSP_IDX,
+ "csp_idx",
+ "Set CSP by index",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_SET_CSP_NAME,
+ "csp_name",
+ "Set CSP name, (default CSP used if not specified)",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_SET_CSP_TYPE,
+ "csp_type",
+ "Set CSP type, (default RSA_PROV_FULL)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LIST_CONTAINERS,
+ "list_containers",
+ "list container names",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_LIST_OPTIONS,
+ "list_options",
+ "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+ "32=private key info)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LOOKUP_METHOD,
+ "lookup_method",
+ "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_STORE_NAME,
+ "store_name",
+ "certificate store name, default \"MY\"",
+ ENGINE_CMD_FLAG_STRING},
+
+ {0, NULL, NULL, 0}
+ };
+
+static int capi_idx = -1;
+static int rsa_capi_idx = -1;
+static int dsa_capi_idx = -1;
+static int cert_capi_idx = -1;
+
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+ {
+ int ret = 1;
+ CAPI_CTX *ctx;
+ BIO *out;
+ if (capi_idx == -1)
+ {
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+ return 0;
+ }
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ switch (cmd)
+ {
+ case CAPI_CMD_LIST_CSPS:
+ ret = capi_list_providers(ctx, out);
+ break;
+
+ case CAPI_CMD_LIST_CERTS:
+ ret = capi_list_certs(ctx, out, NULL);
+ break;
+
+ case CAPI_CMD_LOOKUP_CERT:
+ ret = capi_list_certs(ctx, out, p);
+ break;
+
+ case CAPI_CMD_LIST_CONTAINERS:
+ ret = capi_list_containers(ctx, out);
+ break;
+
+ case CAPI_CMD_STORE_NAME:
+ if (ctx->storename)
+ OPENSSL_free(ctx->storename);
+ ctx->storename = BUF_strdup(p);
+ CAPI_trace(ctx, "Setting store name to %s\n", p);
+ break;
+
+ case CAPI_CMD_DEBUG_LEVEL:
+ ctx->debug_level = (int)i;
+ CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+ break;
+
+ case CAPI_CMD_DEBUG_FILE:
+ ctx->debug_file = BUF_strdup(p);
+ CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+ break;
+
+ case CAPI_CMD_KEYTYPE:
+ ctx->keytype = i;
+ CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+ break;
+
+ case CAPI_CMD_SET_CSP_IDX:
+ ret = capi_ctx_set_provname_idx(ctx, i);
+ break;
+
+ case CAPI_CMD_LIST_OPTIONS:
+ ctx->dump_flags = i;
+ break;
+
+ case CAPI_CMD_LOOKUP_METHOD:
+ if (i < 1 || i > 3)
+ {
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+ return 0;
+ }
+ ctx->lookup_method = i;
+ break;
+
+ case CAPI_CMD_SET_CSP_NAME:
+ ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+ break;
+
+ case CAPI_CMD_SET_CSP_TYPE:
+ ctx->csptype = i;
+ break;
+
+ default:
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+ ret = 0;
+ }
+
+ BIO_free(out);
+ return ret;
+
+ }
+
+static RSA_METHOD capi_rsa_method =
+ {
+ "CryptoAPI RSA method",
+ 0, /* pub_enc */
+ 0, /* pub_dec */
+ capi_rsa_priv_enc, /* priv_enc */
+ capi_rsa_priv_dec, /* priv_dec */
+ 0, /* rsa_mod_exp */
+ 0, /* bn_mod_exp */
+ 0, /* init */
+ capi_rsa_free, /* finish */
+ RSA_FLAG_SIGN_VER, /* flags */
+ NULL, /* app_data */
+ capi_rsa_sign, /* rsa_sign */
+ 0 /* rsa_verify */
+ };
+
+static DSA_METHOD capi_dsa_method =
+ {
+ "CryptoAPI DSA method",
+ capi_dsa_do_sign, /* dsa_do_sign */
+ 0, /* dsa_sign_setup */
+ 0, /* dsa_do_verify */
+ 0, /* dsa_mod_exp */
+ 0, /* bn_mod_exp */
+ 0, /* init */
+ capi_dsa_free, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ 0, /* dsa_paramgen */
+ 0 /* dsa_keygen */
+ };
+
+static int capi_init(ENGINE *e)
+ {
+ CAPI_CTX *ctx;
+ const RSA_METHOD *ossl_rsa_meth;
+ const DSA_METHOD *ossl_dsa_meth;
+ capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+ ctx = capi_ctx_new();
+ if (!ctx || (capi_idx < 0))
+ goto memerr;
+
+ ENGINE_set_ex_data(e, capi_idx, ctx);
+ /* Setup RSA_METHOD */
+ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ ossl_rsa_meth = RSA_PKCS1_SSLeay();
+ capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+ capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+ capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+ capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+ /* Setup DSA Method */
+ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ ossl_dsa_meth = DSA_OpenSSL();
+ capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+ capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+ capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+
+#ifdef OPENSSL_CAPIENG_DIALOG
+ {
+ HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+ HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+ if (cryptui)
+ ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
+ if (kernel)
+ ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
+ if (cryptui && !OPENSSL_isservice())
+ ctx->client_cert_select = cert_select_dialog;
+ }
+#endif
+
+
+ return 1;
+
+ memerr:
+ CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+
+ return 1;
+ }
+
+static int capi_destroy(ENGINE *e)
+ {
+ ERR_unload_CAPI_strings();
+ return 1;
+ }
+
+static int capi_finish(ENGINE *e)
+ {
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ capi_ctx_free(ctx);
+ ENGINE_set_ex_data(e, capi_idx, NULL);
+ return 1;
+ }
+
+
+/* CryptoAPI key application data. This contains
+ * a handle to the private key container (for sign operations)
+ * and a handle to the key (for decrypt operations).
+ */
+
+struct CAPI_KEY_st
+ {
+ /* Associated certificate context (if any) */
+ PCCERT_CONTEXT pcert;
+ HCRYPTPROV hprov;
+ HCRYPTKEY key;
+ DWORD keyspec;
+ };
+
+static int bind_capi(ENGINE *e)
+ {
+ if (!ENGINE_set_id(e, engine_capi_id)
+ || !ENGINE_set_name(e, engine_capi_name)
+ || !ENGINE_set_init_function(e, capi_init)
+ || !ENGINE_set_finish_function(e, capi_finish)
+ || !ENGINE_set_destroy_function(e, capi_destroy)
+ || !ENGINE_set_RSA(e, &capi_rsa_method)
+ || !ENGINE_set_DSA(e, &capi_dsa_method)
+ || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+ || !ENGINE_set_load_ssl_client_cert_function(e,
+ capi_load_ssl_client_cert)
+ || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+ || !ENGINE_set_ctrl_function(e, capi_ctrl))
+ return 0;
+ ERR_load_CAPI_strings();
+
+ return 1;
+
+ }
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+ {
+ if(id && (strcmp(id, engine_capi_id) != 0))
+ return 0;
+ if(!bind_capi(e))
+ return 0;
+ return 1;
+ }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_capi(void)
+ {
+ ENGINE *ret = ENGINE_new();
+ if(!ret)
+ return NULL;
+ if(!bind_capi(ret))
+ {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+ }
+
+void ENGINE_load_capi(void)
+ {
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_capi();
+ if(!toadd) return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+ }
+#endif
+
+
+static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
+ {
+ int i;
+ /* Reverse buffer in place: since this is a keyblob structure
+ * that will be freed up after conversion anyway it doesn't
+ * matter if we change it.
+ */
+ for(i = 0; i < binlen / 2; i++)
+ {
+ unsigned char c;
+ c = bin[i];
+ bin[i] = bin[binlen - i - 1];
+ bin[binlen - i - 1] = c;
+ }
+
+ if (!BN_bin2bn(bin, binlen, bn))
+ return 0;
+ return 1;
+ }
+
+/* Given a CAPI_KEY get an EVP_PKEY structure */
+
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
+ {
+ unsigned char *pubkey = NULL;
+ DWORD len;
+ BLOBHEADER *bh;
+ RSA *rkey = NULL;
+ DSA *dkey = NULL;
+ EVP_PKEY *ret = NULL;
+ if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+ capi_addlasterror();
+ return NULL;
+ }
+
+ pubkey = OPENSSL_malloc(len);
+
+ if (!pubkey)
+ goto memerr;
+
+ if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+ capi_addlasterror();
+ goto err;
+ }
+
+ bh = (BLOBHEADER *)pubkey;
+ if (bh->bType != PUBLICKEYBLOB)
+ {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+ goto err;
+ }
+ if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
+ {
+ RSAPUBKEY *rp;
+ DWORD rsa_modlen;
+ unsigned char *rsa_modulus;
+ rp = (RSAPUBKEY *)(bh + 1);
+ if (rp->magic != 0x31415352)
+ {
+ char magstr[10];
+ BIO_snprintf(magstr, 10, "%lx", rp->magic);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+ ERR_add_error_data(2, "magic=0x", magstr);
+ goto err;
+ }
+ rsa_modulus = (unsigned char *)(rp + 1);
+ rkey = RSA_new_method(eng);
+ if (!rkey)
+ goto memerr;
+
+ rkey->e = BN_new();
+ rkey->n = BN_new();
+
+ if (!rkey->e || !rkey->n)
+ goto memerr;
+
+ if (!BN_set_word(rkey->e, rp->pubexp))
+ goto memerr;
+
+ rsa_modlen = rp->bitlen / 8;
+ if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
+ goto memerr;
+
+ RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+ if (!(ret = EVP_PKEY_new()))
+ goto memerr;
+
+ EVP_PKEY_assign_RSA(ret, rkey);
+ rkey = NULL;
+
+ }
+ else if (bh->aiKeyAlg == CALG_DSS_SIGN)
+ {
+ DSSPUBKEY *dp;
+ DWORD dsa_plen;
+ unsigned char *btmp;
+ dp = (DSSPUBKEY *)(bh + 1);
+ if (dp->magic != 0x31535344)
+ {
+ char magstr[10];
+ BIO_snprintf(magstr, 10, "%lx", dp->magic);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+ ERR_add_error_data(2, "magic=0x", magstr);
+ goto err;
+ }
+ dsa_plen = dp->bitlen / 8;
+ btmp = (unsigned char *)(dp + 1);
+ dkey = DSA_new_method(eng);
+ if (!dkey)
+ goto memerr;
+ dkey->p = BN_new();
+ dkey->q = BN_new();
+ dkey->g = BN_new();
+ dkey->pub_key = BN_new();
+ if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
+ goto memerr;
+ if (!lend_tobn(dkey->p, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+ if (!lend_tobn(dkey->q, btmp, 20))
+ goto memerr;
+ btmp += 20;
+ if (!lend_tobn(dkey->g, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+ if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+
+ DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+ if (!(ret = EVP_PKEY_new()))
+ goto memerr;
+
+ EVP_PKEY_assign_DSA(ret, dkey);
+ dkey = NULL;
+ }
+ else
+ {
+ char algstr[10];
+ BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+ ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+ goto err;
+ }
+
+
+ err:
+ if (pubkey)
+ OPENSSL_free(pubkey);
+ if (!ret)
+ {
+ if (rkey)
+ RSA_free(rkey);
+ if (dkey)
+ DSA_free(dkey);
+ }
+
+ return ret;
+
+memerr:
+ CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+
+ }
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data)
+ {
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ EVP_PKEY *ret;
+ ctx = ENGINE_get_ex_data(eng, capi_idx);
+
+ if (!ctx)
+ {
+ CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+ return NULL;
+ }
+
+ key = capi_find_key(ctx, key_id);
+
+ if (!key)
+ return NULL;
+
+ ret = capi_get_pkey(eng, key);
+
+ if (!ret)
+ capi_free_key(key);
+ return ret;
+
+ }
+
+/* CryptoAPI RSA operations */
+
+int capi_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+ return -1;
+ }
+
+int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+ {
+ ALG_ID alg;
+ HCRYPTHASH hash;
+ DWORD slen;
+ unsigned int i;
+ int ret = -1;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+
+ ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ if (!capi_key)
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+ return -1;
+ }
+/* Convert the signature type to a CryptoAPI algorithm ID */
+ switch(dtype)
+ {
+ case NID_sha1:
+ alg = CALG_SHA1;
+ break;
+
+ case NID_md5:
+ alg = CALG_MD5;
+ break;
+
+ case NID_md5_sha1:
+ alg = CALG_SSL3_SHAMD5;
+ break;
+ default:
+ {
+ char algstr[10];
+ BIO_snprintf(algstr, 10, "%lx", dtype);
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+ ERR_add_error_data(2, "NID=0x", algstr);
+ return -1;
+ }
+ }
+
+
+
+/* Create the hash object */
+ if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+ capi_addlasterror();
+ return -1;
+ }
+/* Set the hash value to the value passed */
+
+ if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+ capi_addlasterror();
+ goto err;
+ }
+
+
+/* Finally sign it */
+ slen = RSA_size(rsa);
+ if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+ capi_addlasterror();
+ goto err;
+ }
+ else
+ {
+ ret = 1;
+ /* Inplace byte reversal of signature */
+ for(i = 0; i < slen / 2; i++)
+ {
+ unsigned char c;
+ c = sigret[i];
+ sigret[i] = sigret[slen - i - 1];
+ sigret[slen - i - 1] = c;
+ }
+ *siglen = slen;
+ }
+
+ /* Now cleanup */
+
+err:
+ CryptDestroyHash(hash);
+
+ return ret;
+ }
+
+int capi_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ int i;
+ unsigned char *tmpbuf;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ if (!capi_key)
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+ return -1;
+ }
+
+ if(padding != RSA_PKCS1_PADDING)
+ {
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%d", padding);
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+ ERR_add_error_data(2, "padding=", errstr);
+ return -1;
+ }
+
+ /* Create temp reverse order version of input */
+ if(!(tmpbuf = OPENSSL_malloc(flen)) )
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ for(i = 0; i < flen; i++)
+ tmpbuf[flen - i - 1] = from[i];
+
+ /* Finally decrypt it */
+ if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
+ {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+ capi_addlasterror();
+ OPENSSL_free(tmpbuf);
+ return -1;
+ }
+ else memcpy(to, tmpbuf, flen);
+
+ OPENSSL_free(tmpbuf);
+
+ return flen;
+ }
+
+static int capi_rsa_free(RSA *rsa)
+ {
+ CAPI_KEY *capi_key;
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ capi_free_key(capi_key);
+ RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+ return 1;
+ }
+
+/* CryptoAPI DSA operations */
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+ DSA *dsa)
+ {
+ HCRYPTHASH hash;
+ DWORD slen;
+ DSA_SIG *ret = NULL;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+ unsigned char csigbuf[40];
+
+ ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+ capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+ if (!capi_key)
+ {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+ return NULL;
+ }
+
+ if (dlen != 20)
+ {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+ return NULL;
+ }
+
+ /* Create the hash object */
+ if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash))
+ {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+ capi_addlasterror();
+ return NULL;
+ }
+
+ /* Set the hash value to the value passed */
+ if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0))
+ {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+ capi_addlasterror();
+ goto err;
+ }
+
+
+ /* Finally sign it */
+ slen = sizeof(csigbuf);
+ if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
+ {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+ capi_addlasterror();
+ goto err;
+ }
+ else
+ {
+ ret = DSA_SIG_new();
+ if (!ret)
+ goto err;
+ ret->r = BN_new();
+ ret->s = BN_new();
+ if (!ret->r || !ret->s)
+ goto err;
+ if (!lend_tobn(ret->r, csigbuf, 20)
+ || !lend_tobn(ret->s, csigbuf + 20, 20))
+ {
+ DSA_SIG_free(ret);
+ ret = NULL;
+ goto err;
+ }
+ }
+
+ /* Now cleanup */
+
+err:
+ OPENSSL_cleanse(csigbuf, 40);
+ CryptDestroyHash(hash);
+ return ret;
+ }
+
+static int capi_dsa_free(DSA *dsa)
+ {
+ CAPI_KEY *capi_key;
+ capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+ capi_free_key(capi_key);
+ DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+ return 1;
+ }
+
+static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
+ {
+ BIO *out;
+
+ if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+ return;
+ out = BIO_new_file(ctx->debug_file, "a+");
+ BIO_vprintf(out, format, argptr);
+ BIO_free(out);
+ }
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
+ {
+ va_list args;
+ va_start(args, format);
+ capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+ va_end(args);
+ }
+
+static void capi_addlasterror(void)
+ {
+ capi_adderror(GetLastError());
+ }
+
+static void capi_adderror(DWORD err)
+ {
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%lX", err);
+ ERR_add_error_data(2, "Error code= 0x", errstr);
+ }
+
+static char *wide_to_asc(LPWSTR wstr)
+ {
+ char *str;
+ if (!wstr)
+ return NULL;
+ str = OPENSSL_malloc(wcslen(wstr) + 1);
+ if (!str)
+ {
+ CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ sprintf(str, "%S", wstr);
+ return str;
+ }
+
+static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
+ {
+ LPSTR name;
+ DWORD len, err;
+ CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+ if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len))
+ {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ return 2;
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+ capi_adderror(err);
+ return 0;
+ }
+ name = OPENSSL_malloc(len);
+ if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len))
+ {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ return 2;
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+ capi_adderror(err);
+ return 0;
+ }
+ *pname = name;
+ CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
+
+ return 1;
+ }
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
+ {
+ DWORD idx, ptype;
+ int ret;
+ LPTSTR provname = NULL;
+ CAPI_trace(ctx, "capi_list_providers\n");
+ BIO_printf(out, "Available CSPs:\n");
+ for(idx = 0; ; idx++)
+ {
+ ret = capi_get_provname(ctx, &provname, &ptype, idx);
+ if (ret == 2)
+ break;
+ if (ret == 0)
+ break;
+ BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
+ OPENSSL_free(provname);
+ }
+ return 1;
+ }
+
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
+ {
+ int ret = 1;
+ HCRYPTPROV hprov;
+ DWORD err, idx, flags, buflen = 0, clen;
+ LPSTR cname;
+ CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
+ if (!CryptAcquireContext(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
+ {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
+ {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ CAPI_trace(ctx, "Got max container len %d\n", buflen);
+ if (buflen == 0)
+ buflen = 1024;
+ cname = OPENSSL_malloc(buflen);
+ if (!cname)
+ {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ for (idx = 0;;idx++)
+ {
+ clen = buflen;
+ cname[0] = 0;
+
+ if (idx == 0)
+ flags = CRYPT_FIRST;
+ else
+ flags = 0;
+ if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
+ {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ goto done;
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_adderror(err);
+ goto err;
+ }
+ CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
+ if (!cname[0] && (clen == buflen))
+ {
+ CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+ goto done;
+ }
+ BIO_printf(out, "%d. %s\n", idx, cname);
+ }
+ err:
+
+ ret = 0;
+
+ done:
+ if (cname)
+ OPENSSL_free(cname);
+ CryptReleaseContext(hprov, 0);
+
+ return ret;
+ }
+
+CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+ {
+ DWORD len;
+ CRYPT_KEY_PROV_INFO *pinfo;
+
+ if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
+ return NULL;
+ pinfo = OPENSSL_malloc(len);
+ if (!pinfo)
+ {
+ CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+ capi_addlasterror();
+ OPENSSL_free(pinfo);
+ return NULL;
+ }
+ return pinfo;
+ }
+
+static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo)
+ {
+ char *provname = NULL, *contname = NULL;
+ if (!pinfo)
+ {
+ BIO_printf(out, " No Private Key\n");
+ return;
+ }
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ goto err;
+
+ BIO_printf(out, " Private Key Info:\n");
+ BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname, pinfo->dwProvType);
+ BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec);
+ err:
+ if (provname)
+ OPENSSL_free(provname);
+ if (contname)
+ OPENSSL_free(contname);
+ }
+
+char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+ {
+ LPWSTR wfname;
+ DWORD dlen;
+
+ CAPI_trace(ctx, "capi_cert_get_fname\n");
+ if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
+ return NULL;
+ wfname = OPENSSL_malloc(dlen);
+ if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
+ {
+ char *fname = wide_to_asc(wfname);
+ OPENSSL_free(wfname);
+ return fname;
+ }
+ CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+ capi_addlasterror();
+
+ OPENSSL_free(wfname);
+ return NULL;
+ }
+
+
+void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
+ {
+ X509 *x;
+ unsigned char *p;
+ unsigned long flags = ctx->dump_flags;
+ if (flags & CAPI_DMP_FNAME)
+ {
+ char *fname;
+ fname = capi_cert_get_fname(ctx, cert);
+ if (fname)
+ {
+ BIO_printf(out, " Friendly Name \"%s\"\n", fname);
+ OPENSSL_free(fname);
+ }
+ else
+ BIO_printf(out, " <No Friendly Name>\n");
+ }
+
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x)
+ BIO_printf(out, " <Can't parse certificate>\n");
+ if (flags & CAPI_DMP_SUMMARY)
+ {
+ BIO_printf(out, " Subject: ");
+ X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+ BIO_printf(out, "\n Issuer: ");
+ X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+ BIO_printf(out, "\n");
+ }
+ if (flags & CAPI_DMP_FULL)
+ X509_print_ex(out, x, XN_FLAG_ONELINE,0);
+
+ if (flags & CAPI_DMP_PKEYINFO)
+ {
+ CRYPT_KEY_PROV_INFO *pinfo;
+ pinfo = capi_get_prov_info(ctx, cert);
+ capi_dump_prov_info(ctx, out, pinfo);
+ if (pinfo)
+ OPENSSL_free(pinfo);
+ }
+
+ if (flags & CAPI_DMP_PEM)
+ PEM_write_bio_X509(out, x);
+ X509_free(x);
+ }
+
+HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
+ {
+ HCERTSTORE hstore;
+
+ if (!storename)
+ storename = ctx->storename;
+ if (!storename)
+ storename = "MY";
+ CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+ hstore = CertOpenSystemStore(0, storename);
+ if (!hstore)
+ {
+ CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+ capi_addlasterror();
+ }
+ return hstore;
+ }
+
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
+ {
+ char *storename;
+ int idx;
+ int ret = 1;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL;
+
+ storename = ctx->storename;
+ if (!storename)
+ storename = "MY";
+ CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ if (id)
+ {
+ cert = capi_find_cert(ctx, id, hstore);
+ if (!cert)
+ {
+ ret = 0;
+ goto err;
+ }
+ capi_dump_cert(ctx, out, cert);
+ CertFreeCertificateContext(cert);
+ }
+ else
+ {
+ for(idx = 0;;idx++)
+ {
+ LPWSTR fname = NULL;
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ BIO_printf(out, "Certificate %d\n", idx);
+ capi_dump_cert(ctx, out, cert);
+ }
+ }
+ err:
+ CertCloseStore(hstore, 0);
+ return ret;
+ }
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore)
+ {
+ PCCERT_CONTEXT cert = NULL;
+ char *fname = NULL;
+ int match;
+ switch(ctx->lookup_method)
+ {
+ case CAPI_LU_SUBSTR:
+ return CertFindCertificateInStore(hstore,
+ X509_ASN_ENCODING, 0,
+ CERT_FIND_SUBJECT_STR_A, id, NULL);
+ case CAPI_LU_FNAME:
+ for(;;)
+ {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ return NULL;
+ fname = capi_cert_get_fname(ctx, cert);
+ if (fname)
+ {
+ if (strcmp(fname, id))
+ match = 0;
+ else
+ match = 1;
+ OPENSSL_free(fname);
+ if (match)
+ return cert;
+ }
+ }
+ default:
+ return NULL;
+ }
+ }
+
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+ {
+ CAPI_KEY *key;
+ key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ contname, provname, ptype);
+ if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ goto err;
+ }
+ if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
+ {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+ capi_addlasterror();
+ CryptReleaseContext(key->hprov, 0);
+ goto err;
+ }
+ key->keyspec = keyspec;
+ key->pcert = NULL;
+ return key;
+
+ err:
+ OPENSSL_free(key);
+ return NULL;
+ }
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+ {
+ CAPI_KEY *key;
+ CRYPT_KEY_PROV_INFO *pinfo = NULL;
+ char *provname = NULL, *contname = NULL;
+ pinfo = capi_get_prov_info(ctx, cert);
+ if (!pinfo)
+ goto err;
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ return 0;
+
+ key = capi_get_key(ctx, contname, provname,
+ pinfo->dwProvType, pinfo->dwKeySpec);
+
+ err:
+ if (pinfo)
+ OPENSSL_free(pinfo);
+ if (provname)
+ OPENSSL_free(provname);
+ if (contname)
+ OPENSSL_free(contname);
+ return key;
+ }
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
+ {
+ PCCERT_CONTEXT cert;
+ HCERTSTORE hstore;
+ CAPI_KEY *key = NULL;
+ switch (ctx->lookup_method)
+ {
+ case CAPI_LU_SUBSTR:
+ case CAPI_LU_FNAME:
+ hstore = capi_open_store(ctx, NULL);
+ if (!hstore)
+ return NULL;
+ cert = capi_find_cert(ctx, id, hstore);
+ if (cert)
+ {
+ key = capi_get_cert_key(ctx, cert);
+ CertFreeCertificateContext(cert);
+ }
+ CertCloseStore(hstore, 0);
+ break;
+
+ case CAPI_LU_CONTNAME:
+ key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
+ ctx->keytype);
+ break;
+ }
+
+ return key;
+ }
+
+void capi_free_key(CAPI_KEY *key)
+ {
+ if (!key)
+ return;
+ CryptDestroyKey(key->key);
+ CryptReleaseContext(key->hprov, 0);
+ if (key->pcert)
+ CertFreeCertificateContext(key->pcert);
+ OPENSSL_free(key);
+ }
+
+
+/* Initialize a CAPI_CTX structure */
+
+static CAPI_CTX *capi_ctx_new()
+ {
+ CAPI_CTX *ctx;
+ ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
+ if (!ctx)
+ {
+ CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ ctx->cspname = NULL;
+ ctx->csptype = PROV_RSA_FULL;
+ ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME;
+ ctx->keytype = AT_KEYEXCHANGE;
+ ctx->storename = NULL;
+ ctx->ssl_client_store = NULL;
+ ctx->lookup_method = CAPI_LU_SUBSTR;
+ ctx->debug_level = 0;
+ ctx->debug_file = NULL;
+ ctx->client_cert_select = cert_select_simple;
+ return ctx;
+ }
+
+static void capi_ctx_free(CAPI_CTX *ctx)
+ {
+ CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+ if (!ctx)
+ return;
+ if (ctx->cspname)
+ OPENSSL_free(ctx->cspname);
+ if (ctx->debug_file)
+ OPENSSL_free(ctx->debug_file);
+ if (ctx->storename)
+ OPENSSL_free(ctx->storename);
+ if (ctx->ssl_client_store)
+ OPENSSL_free(ctx->ssl_client_store);
+ OPENSSL_free(ctx);
+ }
+
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
+ {
+ CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+ if (check)
+ {
+ HCRYPTPROV hprov;
+ if (!CryptAcquireContext(&hprov, NULL, pname, type,
+ CRYPT_VERIFYCONTEXT))
+ {
+ CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ CryptReleaseContext(hprov, 0);
+ }
+ ctx->cspname = BUF_strdup(pname);
+ ctx->csptype = type;
+ return 1;
+ }
+
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
+ {
+ LPSTR pname;
+ DWORD type;
+ if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+ return 0;
+ return capi_ctx_set_provname(ctx, pname, type, 0);
+ }
+
+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+ {
+ int i;
+ X509_NAME *nm;
+ /* Special case: empty list: match anything */
+ if (sk_X509_NAME_num(ca_dn) <= 0)
+ return 1;
+ for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
+ {
+ nm = sk_X509_NAME_value(ca_dn, i);
+ if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+ return 1;
+ }
+ return 0;
+ }
+
+
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
+ {
+ STACK_OF(X509) *certs = NULL;
+ X509 *x;
+ char *storename;
+ const char *p;
+ int i, client_cert_idx;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL, excert = NULL;
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+
+ *pcert = NULL;
+ *pkey = NULL;
+
+ storename = ctx->ssl_client_store;
+ if (!storename)
+ storename = "MY";
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ /* Enumerate all certificates collect any matches */
+ for(i = 0;;i++)
+ {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x)
+ {
+ CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+ continue;
+ }
+ if (cert_issuer_match(ca_dn, x))
+ {
+ key = capi_get_cert_key(ctx, cert);
+ if (!key)
+ continue;
+ /* Match found: attach extra data to it so
+ * we can retrieve the key later.
+ */
+ excert = CertDuplicateCertificateContext(cert);
+ key->pcert = excert;
+ X509_set_ex_data(x, cert_capi_idx, key);
+
+ if (!certs)
+ certs = sk_X509_new_null();
+
+ sk_X509_push(certs, x);
+ }
+ else
+ X509_free(x);
+
+ }
+
+ if (cert)
+ CertFreeCertificateContext(cert);
+ if (hstore)
+ CertCloseStore(hstore, 0);
+
+ if (!certs)
+ return 0;
+
+
+ /* Select the appropriate certificate */
+
+ client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+ /* Set the selected certificate and free the rest */
+
+ for(i = 0; i < sk_X509_num(certs); i++)
+ {
+ x = sk_X509_value(certs, i);
+ if (i == client_cert_idx)
+ *pcert = x;
+ else
+ {
+ key = X509_get_ex_data(x, cert_capi_idx);
+ capi_free_key(key);
+ X509_free(x);
+ }
+ }
+
+ sk_X509_free(certs);
+
+ if (!*pcert)
+ return 0;
+
+ /* Setup key for selected certificate */
+
+ key = X509_get_ex_data(*pcert, cert_capi_idx);
+ *pkey = capi_get_pkey(e, key);
+ X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+ return 1;
+
+ }
+
+
+/* Simple client cert selection function: always select first */
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+ {
+ return 0;
+ }
+
+#ifdef OPENSSL_CAPIENG_DIALOG
+
+/* More complex cert selection function, using standard function
+ * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
+ */
+
+#include <PrSht.h>
+#include <cryptuiapi.h>
+
+#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+#define dlg_prompt L"Select a certificate to use for authentication"
+#define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \
+ |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+ {
+ X509 *x;
+ HCERTSTORE dstore;
+ PCCERT_CONTEXT cert;
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ HWND hwnd;
+ int i, idx = -1;
+ if (sk_X509_num(certs) == 1)
+ return 0;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ /* Create an in memory store of certificates */
+ dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+ CERT_STORE_CREATE_NEW_FLAG, NULL);
+ if (!dstore)
+ {
+ CAPIerr(CAPI_F_CLIENT_CERT_SELECT, CAPI_R_ERROR_CREATING_STORE);
+ capi_addlasterror();
+ goto err;
+ }
+ /* Add all certificates to store */
+ for(i = 0; i < sk_X509_num(certs); i++)
+ {
+ x = sk_X509_value(certs, i);
+ key = X509_get_ex_data(x, cert_capi_idx);
+
+ if (!CertAddCertificateContextToStore(dstore, key->pcert,
+ CERT_STORE_ADD_NEW, NULL))
+ {
+ CAPIerr(CAPI_F_CLIENT_CERT_SELECT, CAPI_R_ERROR_ADDING_CERT);
+ capi_addlasterror();
+ goto err;
+ }
+
+ }
+ hwnd = GetActiveWindow();
+ if (!hwnd && ctx->getconswindow)
+ hwnd = ctx->getconswindow();
+ /* Call dialog to select one */
+ cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+ dlg_columns, 0, NULL);
+
+ /* Find matching cert from list */
+ if (cert)
+ {
+ for(i = 0; i < sk_X509_num(certs); i++)
+ {
+ x = sk_X509_value(certs, i);
+ key = X509_get_ex_data(x, cert_capi_idx);
+ if (CertCompareCertificate(
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ cert->pCertInfo,
+ key->pcert->pCertInfo))
+ {
+ idx = i;
+ break;
+ }
+ }
+ }
+
+ err:
+ if (dstore)
+ CertCloseStore(dstore, 0);
+ return idx;
+
+ }
+#endif
+
+#endif
+#endif
#ifndef HEADER_HWCRHK_ERR_H
#define HEADER_HWCRHK_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#ifndef HEADER_CSWIFT_ERR_H
#define HEADER_CSWIFT_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#include <openssl/crypto.h>
#include <openssl/buffer.h>
#include <openssl/engine.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
#ifndef OPENSSL_NO_HW
#ifndef OPENSSL_NO_GMP
return to_return;
}
-/* HACK - use text I/O functions in openssl and GMP to handle conversions. This
- * is vile. */
+
+/* Most often limb sizes will be the same. If not, we use hex conversion
+ * which is neat, but extremely inefficient. */
static int bn2gmp(const BIGNUM *bn, mpz_t g)
{
- int toret;
- char *tmpchar = BN_bn2hex(bn);
- if(!tmpchar) return 0;
- toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
- OPENSSL_free(tmpchar);
- return toret;
+ bn_check_top(bn);
+ if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+ (BN_BITS2 == GMP_NUMB_BITS))
+ {
+ /* The common case */
+ if(!_mpz_realloc (g, bn->top))
+ return 0;
+ memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
+ g->_mp_size = bn->top;
+ if(bn->neg)
+ g->_mp_size = -g->_mp_size;
+ return 1;
+ }
+ else
+ {
+ int toret;
+ char *tmpchar = BN_bn2hex(bn);
+ if(!tmpchar) return 0;
+ toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
+ OPENSSL_free(tmpchar);
+ return toret;
+ }
}
static int gmp2bn(mpz_t g, BIGNUM *bn)
{
- int toret;
- char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
- if(!tmpchar) return 0;
- mpz_get_str(tmpchar, 16, g);
- toret = BN_hex2bn(&bn, tmpchar);
- OPENSSL_free(tmpchar);
- return toret;
+ if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+ (BN_BITS2 == GMP_NUMB_BITS))
+ {
+ /* The common case */
+ int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
+ BN_zero(bn);
+ if(bn_expand2 (bn, s) == NULL)
+ return 0;
+ bn->top = s;
+ memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
+ bn_correct_top(bn);
+ bn->neg = g->_mp_size >= 0 ? 0 : 1;
+ return 1;
+ }
+ else
+ {
+ int toret;
+ char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
+ if(!tmpchar) return 0;
+ mpz_get_str(tmpchar, 16, g);
+ toret = BN_hex2bn(&bn, tmpchar);
+ OPENSSL_free(tmpchar);
+ return toret;
+ }
}
#ifndef OPENSSL_NO_RSA
#ifndef HEADER_GMP_ERR_H
#define HEADER_GMP_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#ifndef HEADER_NURON_ERR_H
#define HEADER_NURON_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#ifndef HEADER_SUREWARE_ERR_H
#define HEADER_SUREWARE_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#ifndef HEADER_UBSEC_ERR_H
#define HEADER_UBSEC_ERR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#include <errno.h>
#include <assert.h>
#include <ctype.h>
-
#include <openssl/aes.h>
#include <openssl/evp.h>
-#include <openssl/fips.h>
+
#include <openssl/err.h>
#include "e_os.h"
#else
+#include <openssl/fips.h>
#include "fips_utl.h"
#define AES_BLOCK_SIZE 16
#include <errno.h>
#include <assert.h>
#include <ctype.h>
-
#include <openssl/des.h>
#include <openssl/evp.h>
-#include <openssl/fips.h>
+
#include <openssl/err.h>
#include "e_os.h"
#else
+#include <openssl/fips.h>
#include "fips_utl.h"
#define DES_BLOCK_SIZE 8
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
return(0);
}
#else
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
#include <openssl/dsa.h>
#ifdef OPENSSL_SYS_WIN16
*
*/
-#include <openssl/fips.h>
+
#include <openssl/rand.h>
#include <openssl/fips_rand.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+
#ifndef PATH_MAX
#define PATH_MAX 1024
#endif
#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_FIPS
+#error FIPS is disabled.
+#endif
+
#ifdef OPENSSL_FIPS
#ifdef __cplusplus
#include <openssl/dsa.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
-#include <openssl/fips.h>
+
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
}
#else
+#include <openssl/fips.h>
#include "fips_utl.h"
/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
-#include <openssl/fips.h>
+
#include <openssl/x509v3.h>
#ifndef OPENSSL_FIPS
#else
+#include <openssl/fips.h>
#include "fips_utl.h"
static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
i=0;
- if (s->ctx->client_cert_cb != NULL)
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+ i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0)
{
s->rwstate=SSL_X509_LOOKUP;
#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_KRB5
-
#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
#include <time.h>
#if 0 /* experimental */
#include <openssl/objects.h>
#include <openssl/krb5_asn.h>
+#ifndef OPENSSL_NO_KRB5
+
#ifndef ENOMEM
#define ENOMEM KRB5KRB_ERR_GENERIC
#endif
#else /* !OPENSSL_NO_KRB5 */
#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static int dummy=(int)&dummy;
+static void *dummy=&dummy;
#endif
#endif /* !OPENSSL_NO_KRB5 */
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
+#endif
+
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
{
DH *dh_srvr,*dh_clnt;
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
if (s->session->sess_cert->peer_dh_tmp != NULL)
dh_srvr=s->session->sess_cert->peer_dh_tmp;
else
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
i=0;
- if (s->ctx->client_cert_cb != NULL)
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
+ i = ssl_do_client_cert_cb(s, &x509, &pkey);
if (i < 0)
{
s->rwstate=SSL_X509_LOOKUP;
{
int ok;
long n;
- if (!s->session->tlsext_tick)
+ /* If we have no ticket or session ID is non-zero length (a match of
+ * a non-zero session length would never reach here) it cannot be a
+ * resumed session.
+ */
+ if (!s->session->tlsext_tick || s->session->session_id_length)
return 1;
/* this function is called when we really expect a Certificate
* message, so permit appropriate message length */
return 1;
}
#endif
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+ {
+ int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+ if (s->ctx->client_cert_engine)
+ {
+ i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+ SSL_get_client_CA_list(s),
+ px509, ppkey, NULL, NULL, NULL);
+ if (i != 0)
+ return i;
+ }
+#endif
+ if (s->ctx->client_cert_cb)
+ i = s->ctx->client_cert_cb(s,px509,ppkey);
+ return i;
+ }
ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
break;
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+ ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
+ unsigned char *,
+ EVP_CIPHER_CTX *,
+ HMAC_CTX *, int))fp;
+ break;
+
#endif
default:
return(0);
case SSL3_ST_SW_SRVR_HELLO_B:
ret=ssl3_send_server_hello(s);
if (ret <= 0) goto end;
-
+#ifndef OPENSSL_NO_TLSEXT
if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
+ {
+ if (s->tlsext_ticket_expected)
+ s->state=SSL3_ST_SW_SESSION_TICKET_A;
+ else
+ s->state=SSL3_ST_SW_CHANGE_A;
+ }
+#else
+ if (s->hit)
+ s->state=SSL3_ST_SW_CHANGE_A;
+#endif
else
s->state=SSL3_ST_SW_CERT_A;
s->init_num=0;
* session-id if we want it to be single use.
* Currently I will not implement the '0' length session-id
* 12-Jan-98 - I'll now support the '0' length stuff.
+ *
+ * We also have an additional case where stateless session
+ * resumption is successful: we always send back the old
+ * session id. In this case s->hit is non zero: this can
+ * only happen if stateless session resumption is succesful
+ * if session caching is disabled so existing functionality
+ * is unaffected.
*/
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+ && !s->hit)
s->session->session_id_length=0;
sl=s->session->session_id_length;
unsigned int hlen;
EVP_CIPHER_CTX ctx;
HMAC_CTX hctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char key_name[16];
/* get session encoding length */
slen = i2d_SSL_SESSION(s->session, NULL);
*(p++)=SSL3_MT_NEWSESSION_TICKET;
/* Skip message length for now */
p += 3;
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+ /* Initialize HMAC and cipher contexts. If callback present
+ * it does all the work otherwise use generated values
+ * from parent ctx.
+ */
+ if (s->ctx->tlsext_ticket_key_cb)
+ {
+ if (s->ctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+ &hctx, 1) < 0)
+ {
+ OPENSSL_free(senc);
+ return -1;
+ }
+ }
+ else
+ {
+ RAND_pseudo_bytes(iv, 16);
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ s->ctx->tlsext_tick_aes_key, iv);
+ HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ memcpy(key_name, s->ctx->tlsext_tick_key_name, 16);
+ }
l2n(s->session->tlsext_tick_lifetime_hint, p);
/* Skip ticket length for now */
p += 2;
/* Output key name */
macstart = p;
- memcpy(p, s->ctx->tlsext_tick_key_name, 16);
+ memcpy(p, key_name, 16);
p += 16;
- /* Generate and output IV */
- RAND_pseudo_bytes(p, 16);
- EVP_CIPHER_CTX_init(&ctx);
+ /* output IV */
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+ p += EVP_CIPHER_CTX_iv_length(&ctx);
/* Encrypt session data */
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- s->ctx->tlsext_tick_aes_key, p);
- p += 16;
EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
p += len;
EVP_EncryptFinal(&ctx, p, &len);
p += len;
EVP_CIPHER_CTX_cleanup(&ctx);
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
HMAC_Update(&hctx, macstart, p - macstart);
HMAC_Final(&hctx, p, &hlen);
HMAC_CTX_cleanup(&hctx);
#include <openssl/buffer.h>
#endif
#include <openssl/pem.h>
+#include <openssl/hmac.h>
#include <openssl/kssl.h>
#include <openssl/safestack.h>
DECLARE_STACK_OF(SSL_CIPHER)
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
typedef struct ssl_method_st
{
int quiet_shutdown;
+#ifndef OPENSSL_ENGINE
+ /* Engine to pass requests for client certs to
+ */
+ ENGINE *client_cert_engine;
+#endif
+
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions servername callback */
int (*tlsext_servername_callback)(SSL*, int *, void *);
unsigned char tlsext_tick_key_name[16];
unsigned char tlsext_tick_hmac_key[16];
unsigned char tlsext_tick_aes_key[16];
-
+ /* Callback to support customisation of ticket key setting */
+ int (*tlsext_ticket_key_cb)(SSL *ssl,
+ unsigned char *name, unsigned char *iv,
+ EVP_CIPHER_CTX *ectx,
+ HMAC_CTX *hctx, int enc);
+
/* certificate status request info */
/* Callback for status request */
int (*tlsext_status_cb)(SSL *ssl, void *arg);
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+#endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
#endif
#define SSL_session_reused(ssl) \
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
+#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278
#define SSL_F_SSL_CTX_SET_PURPOSE 226
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_R_NO_CIPHERS_SPECIFIED 183
#define SSL_R_NO_CIPHER_LIST 184
#define SSL_R_NO_CIPHER_MATCH 185
+#define SSL_R_NO_CLIENT_CERT_METHOD 317
#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_METHOD_SPECIFIED 188
{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
+{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
+{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
ret->tlsext_status_cb = 0;
ret->tlsext_status_arg = NULL;
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+ ret->client_cert_engine = NULL;
+#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#define eng_strx(x) #x
+#define eng_str(x) eng_strx(x)
+ /* Use specific client engine automatically... ignore errors */
+ {
+ ENGINE *eng;
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ if (!eng)
+ {
+ ERR_clear_error();
+ ENGINE_load_builtin_engines();
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ }
+ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+ ERR_clear_error();
+ }
+#endif
#endif
return(ret);
sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
#else
a->comp_methods = NULL;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ if (a->client_cert_engine)
+ ENGINE_finish(a->client_cert_engine);
#endif
OPENSSL_free(a);
}
int ssl3_get_cert_status(SSL *s);
int ssl3_get_server_done(SSL *s);
int ssl3_send_client_verify(SSL *s);
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
int ssl3_send_client_certificate(SSL *s);
int ssl3_send_client_key_exchange(SSL *s);
int ssl3_get_key_exchange(SSL *s);
int ret=0;
X509 *x=NULL;
+ ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
+
in=BIO_new(BIO_s_file_internal());
if (in == NULL)
{
#include <stdio.h>
#include <openssl/lhash.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
#include "ssl_locl.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
return ctx->client_cert_cb;
}
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+ {
+ if (!ENGINE_init(e))
+ {
+ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+ return 0;
+ }
+ if(!ENGINE_get_ssl_client_cert_function(e))
+ {
+ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
+ ENGINE_finish(e);
+ return 0;
+ }
+ ctx->client_cert_engine = e;
+ return 1;
+ }
+#endif
+
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
{
case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
+case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
+case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
+case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
+case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
s->session->tlsext_hostname[len]='\0';
if (strlen(s->session->tlsext_hostname) != len) {
OPENSSL_free(s->session->tlsext_hostname);
+ s->session->tlsext_hostname = NULL;
*al = TLS1_AD_UNRECOGNIZED_NAME;
return 0;
}
SSL_SESSION *sess;
unsigned char *sdec;
const unsigned char *p;
- int slen, mlen;
+ int slen, mlen, renew_ticket = 0;
unsigned char tick_hmac[EVP_MAX_MD_SIZE];
HMAC_CTX hctx;
EVP_CIPHER_CTX ctx;
+ /* Need at least keyname + iv + some encrypted data */
+ if (eticklen < 48)
+ goto tickerr;
+ /* Initialize session ticket encryption and HMAC contexts */
+ HMAC_CTX_init(&hctx);
+ EVP_CIPHER_CTX_init(&ctx);
+ if (s->ctx->tlsext_ticket_key_cb)
+ {
+ unsigned char *nctick = (unsigned char *)etick;
+ int rv = s->ctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+ &ctx, &hctx, 0);
+ if (rv < 0)
+ return -1;
+ if (rv == 0)
+ goto tickerr;
+ if (rv == 2)
+ renew_ticket = 1;
+ }
+ else
+ {
+ /* Check key name matches */
+ if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
+ goto tickerr;
+ HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ s->ctx->tlsext_tick_aes_key, etick + 16);
+ }
/* Attempt to process session ticket, first conduct sanity and
* integrity checks on ticket.
*/
- mlen = EVP_MD_size(tlsext_tick_md());
+ mlen = HMAC_size(&hctx);
eticklen -= mlen;
- /* Need at least keyname + iv + some encrypted data */
- if (eticklen < 48)
- goto tickerr;
- /* Check key name matches */
- if (memcmp(etick, s->ctx->tlsext_tick_key_name, 16))
- goto tickerr;
/* Check HMAC of encrypted ticket */
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
if (memcmp(tick_hmac, etick + eticklen, mlen))
goto tickerr;
- /* Set p to start of IV */
- p = etick + 16;
- EVP_CIPHER_CTX_init(&ctx);
/* Attempt to decrypt session data */
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- s->ctx->tlsext_tick_aes_key, p);
/* Move p after IV to start of encrypted ticket, update length */
- p += 16;
- eticklen -= 32;
+ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+ eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
sdec = OPENSSL_malloc(eticklen);
if (!sdec)
{
memcpy(sess->session_id, sess_id, sesslen);
sess->session_id_length = sesslen;
*psess = sess;
- s->tlsext_ticket_expected = 0;
+ s->tlsext_ticket_expected = renew_ticket;
return 1;
}
/* If session decrypt failure indicate a cache miss and set state to
#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
#endif
/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
"FreeBSD","FreeBSD distribution",
"OS2-EMX", "EMX GCC OS/2",
"netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
+ "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
"netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
"netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
"default","cc under unix",
no-hw - No hw
nasm - Use NASM for x86 asm
nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
+ nw-mwasm - Use Metrowerks x86 asm for NetWare
gaswin - Use GNU as with Mingw32
no-socks - No socket code
no-err - No error strings
require 'OS2-EMX.pl';
}
elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
- ($platform eq "netware-libc-bsdsock"))
+ ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
{
$LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
- $BSDSOCK=1 if $platform eq "netware-libc-bsdsock";
+ $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
require 'netware.pl';
}
else
$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
-$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
+$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
return("") if $no_dsa && $dir =~ /\/dsa/;
return("") if $no_dh && $dir =~ /\/dh/;
return("") if $no_ec && $dir =~ /\/ec/;
+ return("") if $no_cms && $dir =~ /\/cms/;
if ($no_des && $dir =~ /\/des/)
{
if ($val =~ /read_pwd/)
"no-ssl2" => \$no_ssl2,
"no-ssl3" => \$no_ssl3,
"no-tlsext" => \$no_tlsext,
+ "no-cms" => \$no_cms,
+ "no-capieng" => \$no_capieng,
"no-err" => \$no_err,
"no-sock" => \$no_sock,
"no-krb5" => \$no_krb5,
my $safe_stack_def = 0;
my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
- "EXPORT_VAR_AS_FUNCTION", "OPENSSL_FIPS" );
+ "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
"RFC3779",
# TLS extension support
"TLSEXT",
+ # CMS
+ "CMS",
+ # CryptoAPI Engine
+ "CAPIENG",
# Deprecated functions
"DEPRECATED" );
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
my $no_seed;
my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_tlsext;
+my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng;
my $fips;
$OS2=1 if $_ eq "OS2";
$fips=1 if /^fips/;
+ if ($_ eq "zlib" || $_ eq "zlib-dynamic"
+ || $_ eq "enable-zlib-dynamic") {
+ $zlib = 1;
+ }
+
+
$do_ssl=1 if $_ eq "ssleay";
if ($_ eq "ssl") {
$do_ssl=1;
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
- elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
+ elsif (/^no-tlsext$/) { $no_tlsext=1; }
+ elsif (/^no-cms$/) { $no_cms=1; }
+ elsif (/^no-capieng$/) { $no_capieng=1; }
}
$crypto.=" crypto/tmdiff.h";
$crypto.=" crypto/store/store.h";
$crypto.=" crypto/pqueue/pqueue.h";
+$crypto.=" crypto/cms/cms.h";
$crypto.=" fips/fips.h fips/rand/fips_rand.h";
my $symhacks="crypto/symhacks.h";
if ($keyword eq "OPENSSL_FIPS" && $fips) {
return 1;
}
+ if ($keyword eq "ZLIB" && $zlib) { return 1; }
return 0;
} else {
# algorithms
if ($keyword eq "GMP" && $no_gmp) { return 0; }
if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
+ if ($keyword eq "CMS" && $no_cms) { return 0; }
+ if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
# Nothing recognise as true
projects / oweals / openssl.git / commitdiff